In today’s patient-centered landscape, healthcare professionals are working hard to engage their patients outside of the doctor’s office, when and where it’s convenient for the patient. For this reason, technology automation is increasingly catalyzing an improved patient experience through the creation of engagement tools, such as a physician text message program.

Patient engagement is not a new concept. But, the explosion of technology and automated resources offer a more cost-effective and efficient way to engage patients, while also improving patient satisfaction.

However, misinformation about security regulations and fear of noncompliance often prevents health organizations from implementing HIPAA compliant texting and other automated solutions, which limits their opportunities to effectively engage their patient populations.

One such deterrent is the Telephone Consumer Protection Act (TCPA), which was established in 1991 to protect consumers from unsolicited telemarketing phone calls by prohibiting the use of automated voice messages through the use of auto-dialers without prior consent. Misconceptions are two-fold, as health professionals may believe that the TCPA applies only to marketing calls or that the TCPA does not apply to covered entities complying with HIPAA. Both of these myths need to be addressed in order to avoid costly penalties.

Fortunately, both HIPAA and TCPA encourage healthcare providers and payers to leverage mobile phones and text messaging to communicate with patients. In fact, in 2012, the Federal Communications Commission (FCC) issued a healthcare exception, allowing covered entities to deliver calls and text messages related to health screenings, immunization reminders, and other healthcare-relevant information, provided they are compliant with the Health Insurance Portability and Accountability (HIPAA) and abide with seven specific conditions.

The following four steps will help you understand and abide by regulations, minimizing your risk of penalties for non-compliance while helping you to engage your patients through an effective physician text message program.

STEP 1: Comply With HIPAA

Healthcare professionals are encouraged to accommodate patient requests to receive communications regarding their PHI by alternative means such as voice, email, or via a physician text message program. And, according to the U.S. Department of Health and Human Services, the HIPAA Privacy Rule “allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so.” The same effort to reasonably safeguard PHI electronically should be applied to other forms of communication, including text and voice.

Reasonable safeguards subjective and heavily influenced by a number of factors, including size of the covered entity and the nature of the business. Covered entities should consider their individual needs and circumstances, taking financial and administrative burdens into account when implementing safeguards.

Complying with HIPAA is important, but it doesn’t negate the requirement for covered entities and business associates who work for them to adhere to the Healthcare Exception’s seven conditions. This is important to note, especially if your organization is considering implementing a physician text message program.

STEP 2: Obtain Prior Express Consent

Under the healthcare exemption, providing a cell phone number constitutes consent to receiving calls or texts for “care, services, or supplies related to the health of an individual”. Landline phones, on the other hand, do not require express consent for healthcare-related messages using IF the caller is not using an automated dialer system. When selecting a third party vendor to support a physician text message program, it is important to ensure they have capabilities to detect the difference between cell phone and landline phone numbers.

Accuracy of the numbers dialed is also important, as the recipient of the call or text must be the intended audience from whom you already have express consent. In the event a phone number has been reassigned, healthcare entities are provided a safe harbor for the first call but thereafter, they should be aware the number is reassigned. That’s why Providertech offers a proprietary Active Patient Identity VerificationTM (APIVTM) system designed to enhance right-party contact and reduce risk associated with recycled phone numbers and stale data in a physician text message program.

Since the TCPA was initially drafted to curb intrusive telemarketing calls, the same principles apply to healthcare outreach. If you want to send promotional advertisements, telemarketing messages, or billing-related information, you MUST collect written expressed consent.

STEP 3: Abide with Messaging Restrictions

As noted in TCPA’s seven conditions, there are certain provisions that you need to apply to your physician text message program.

First, the content of healthcare calls or texts may NOT be related to promotional marketing or financial collection. Rather, messaging in a physician text message program must be specifically relevant to the patient’s health and wellness, such as:

In addition, pre-recorded voice messages (for cell phones and residential landlines) must be under one minute in length. Likewise, text messages must be under 160 characters. Contact via text or a phone call must be limited to up to one time per day, or up to three times per week. Over-messaging is non-compliant.

STEP 4: Honor Opt-Out Requests

Finally, all communications must provide a clear option for recipients to revoke their consent via opt-outs. Whether it’s a STOP opt-out via text in your physician text message program or an alternative option to express a desire to receive no more messages from the caller, opt-outs must be honored immediately. As you design your communication workflow, you must establish policies and procedures to manage and update your notification systems in your physician text message program based on patient opt-outs.


Identify and manage risk carefully, but don’t let misinformation prevent you from leveraging automated communication solutions like a physician text message program. Rather, consider the following important questions as you design your patient outreach programs:

  • How will you obtain the consent required?
  • How do you ensure third parties who communicate with your patients on your behalf are complying with the TCPA?
  • What kinds of messages are you planning to send your patients?
  • How will you honor opt-out requests in a timely and effective manner?

For more information about how to comply with the TCPA in your physician text message program, read our free white paper TCPA Compliance 101: A Guide to Safely Communicating with Your Patients.