See topics forHealthcare Compliance & Privacy
Is Texting PHI HIPAA-Compliant?
Texting Protected Health Information (PHI) may seem convenient, but under the HIPAA Privacy Rule, it’s only allowed if strict security measures are in place. Most standard texting apps (like SMS, iMessage, or WhatsApp) do not meet HIPAA’s requirements for protecting patient data. Even well-intentioned messages can lead to serious privacy violations.
What Counts as PHI in a Text?
If a message includes any of the following, it may be considered PHI:
- Patient names
- Medical record numbers
- Diagnoses or treatment details
- Appointment information linked to a patient
- Insurance or billing details
What Makes Texting PHI HIPAA-Compliant?
You can only text PHI if:
- You’re using a secure, encrypted messaging platform approved by UConn Health.
- Voalte and TigerConnect are secure messaging platforms approved and used by UConn Health. They should not be used for personal use.
Do not send PHI through:
- Personal phones or messaging apps
- Unsecured platforms without encryption
- Messages that include patient identifiers, diagnoses, or treatment details
Best Practices
- Only use UConn Health-approved secure messaging tools, such as Voalte, when texting PHI.
- Do not use UConn Health-provided secure messaging tools for personal, non-work-related, or treatment communications.
- Keep messages brief and avoid unnecessary identifiers, and use only the minimum necessary information for the intended purpose.
- When in doubt, don’t send—ask your supervisor or contact OHCP.
Questions?
Reach out to the Office of Healthcare Compliance & Privacy or the Office of the General Counsel for guidance on secure communication tools and HIPAA-compliant practices.