Sending automated medical appointment reminders has been shown to decrease appointment “no shows” and has a potential to enhance the patient-provider relationship. However, given the concern about data breaches, automated appointment reminders remain an underutilized feature of patient portals. According to the U.S. Department of Health & Human Services, appointment reminders are allowed under the HIPAA privacy rules. Their position on the topic is: “Appointment reminders are considered part of treatment of an individual and, therefore, can be made without authorization” meaning that providers don’t need to worry about breaching HIPAA while sending an appointment reminder.
To ensure that you and your patients are protected, Bridge recommends you do the following when launching an automated medical appointment reminder system:
- Make sure your NPP (Notice of Privacy Practices) is updated and includes information about opting-in for appointment reminders by SMS and/or email.
- The NPP should be explicitly clear and state something similar to “We are going to be sending automated SMS text message/email reminders about your upcoming appointments. If this is a problem for you please notify us.”
- Have patients verify their contact information, including their phone number, regularly.
- Consider an additional opt-in outside of the NPP; many people do not read the NPP and texting appointment data may be unacceptable to some people.
- Give patients the option for a preferred method of contact, or at the least, the ability to opt out of specific outreach methods.
What to Include in (and Exclude from) a HIPAA-Compliant Appointment Reminder
When sending appointment reminders via SMS text messages it is best to avoid being too specific. Keep in mind that practice names can infer types of treatment or conditions. For example, “Oncology Clinic” clearly indicates that the patient has cancer.
Generic reminders include:
- Appointment date and time
- Provider first and last name
- Location of the appointment
By using these tips, you can get the most out of your patient portal and have peace of mind that you are not compromising your patient’s right to privacy or causing any data breaches.