How to Send Automated Medical Appointment Reminders Without Jeopardizing Patients’ Data Security
- Posted On July 5th
- In Health IT
Updated on August 14, 2020.
Sending HIPAA compliant appointment reminders has been shown to decrease appointment “no shows” and has the potential to enhance the patient-provider relationship. However, given the concern about data breaches, automated appointment reminders remain an underutilized feature of patient portals. According to the U.S. Department of Health & Human Services, medical appointment reminders are allowed under HIPAA privacy rules, which state, “Appointment reminders are considered part of the treatment of an individual and, therefore, can be made without authorization.” This statement means that providers don’t need to worry about breaching HIPAA while sending an appointment reminder.
To ensure that you and your patients are protected, Bridge recommends you do the following when launching a patient appointment reminder software:
- Ensure your NPP (Notice of Privacy Practices) is updated and includes information about opting-in for appointment reminders by SMS and/or email.
- The NPP should be explicitly clear and state something similar to “You’ll be receiving automated SMS text message/email reminders about your upcoming appointments. If you would rather opt-out, please notify us.”
- Have patients verify their contact information, including their phone number, regularly.
- Consider an additional opt-in outside NPP; many people do not read the NPP, and texting appointment data may be unacceptable to some people.
- Give patients the option for a preferred method of contact, or at the least, the ability to opt-out of specific outreach methods.
- IVR reminders. Interactive Voice Response-based calls also support user-inputted responses (i.e., “Press 1 to confirm, or 2 to cancel your upcoming appointment”).
- SMS reminders
- Email reminders
- Push notifications
- Bidirectional patient messaging
What to Include in (and Exclude from) HIPAA Compliant Medical Appointment Reminders
When sending a HIPAA text message appointment reminder, it is best to avoid being too specific. Keep in mind that practice names can infer types of treatment or conditions. For example, “Oncology Clinic” clearly indicates that the patient has cancer.
Generic reminders include:
- Appointment date and time
- Provider’s first and last name
- Location of the appointment
By using these tips, you can get the most out of your patient portal and have peace of mind that you do not compromise your patient’s right to privacy or cause any data breaches.
By centralizing a patient opt-in/out preferences in a single system, you become more compliant, avoid the over-sending of messages, and can take greater advantage of these communication tools.
Once patients have received an appointment reminder, there are several responses a patient can choose. If a patient can’t make an appointment, they can reschedule through a patient self-scheduling software. This software provides patients with a means to contact their provider without calling into the office. Self-scheduling software ensures that a patient can work their way through the proper clinical screening and select from conflict-free times within the patient scheduler. A self-scheduling solution is built to handle complex scheduling decision trees and is adaptable to any provider group.
Features and benefits of Bridge’s patient appointment reminder software
- Customizable Messages. Providers are able to send mass messages as well as messages customized for a specific patient.
- Bilingual. All messages are available in English/Spanish.
- HIPAA-Compliant. Bridge offers a HIPAA compliant patient portal, which secures Protected Health Information (PHI).
- Push Notification Capabilities. Send alerts to patients via their mobile devices.
- EHR/PM System Integrated. Appointment data is sourced straight from the EHR/PM System, such us Greenway Health™, Centricity™, and NextGen®.
- Custom Triggered Notifications. Trigger specific notifications for different types of appointments.
There are multiple ways to ensure patient data security when sending automated medical appointment reminders. One way is to make patients aware of automatic reminders via an opt-in within the notice of privacy practices. Healthcare organizations should be conscious of a patient’s preferred method of contact. In order to maintain HIPAA compliance, all messages sent to patients, including appointment reminders, should not include any protected health information.