The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that seeks to ensure the security and confidentiality of patient health information. HIPAA generally applies to “covered entities” (including any health care provider) and “business associates” (any third party engaged by a covered entity to help carry out its health care activities and functions.) Thus, under HIPAA, you are a covered entity and Local Gold, LLC is your business associate.
The Telephone Consumer Protection Act (TCPA) is a federal law that regulates the way consumers are contacted by telephone, text message (SMS) and fax. These regulations include the automated text messages that you send to your patients through the Local Gold, LLC patient communications platform.
The TCPA requires that businesses obtain prior consent from patients when sending any sort of SMS messages. As a HIPAA covered entity, requirements for how consent is obtained vary depending on whether the message is health-related information or if the message includes marketing-focused content.
Consent for Informational Health Care Messages:
For HIPAA covered entities sending informational only health-related messages, consent from each patient can be either written, electronic or verbal. With these guidelines, you are able to send informational messages to your patients. Outreach reminders, notifications, and other similar health care messages without marketing content fall within the informational health-related information category.
We strongly recommend that your “Notice of Privacy Practices” states that you may use your patients’ cell phone numbers to reach out to them with informational messages. We also suggest that you obtain written acknowledgment from each patient which states that they have reviewed your privacy practice. Although these are the most highly recommended practices, consent can also be obtained from patients in other manners (verbal consent is acceptable.)
We encourage you to educate yourself on TCPA guidelines by visiting the U.S. Federal Communications Commission website prior to adding any consent language to your “Notice of Privacy Practices”.
Consent for Marketing-Focused Messages:
Messages with any sort of marketing content require that your patient provide your practice with “express written consent”, which may be obtained in an electronic format.
The TCPA requires that you honor patient requests to opt-out of future telephone, fax, or SMS messages. The Local Gold, LLC patient communications system allows a patient to opt-out of text messages at any time by replying with the word STOP to any text message sent through the system.
For more information about your responsibilities under the TCPA, please visit the U.S. Federal Communications Commission website.
THIS IS NOT LEGAL ADVICE
Please note that, while we are dedicated to giving you tools that will help you stay compliant with HIPAA and TCPA regulations, the information we provide is not legal advice. You are responsible for ensuring the compliance of your patient messages. We encourage you to seek out competent legal counsel for specific direction and guidance.
We have provided the following information to help you understand what your responsibilities are, and how the Local Gold service aids you in remaining compliant with these objectives.