Text Messages from An EMR

Text messages are becoming more and more popular in the US. It’s funny, because the US is about 5 or so years behind Europe when it comes to the use of text messages. Better late than never I guess. The addiction is especially true with high school children, but the college ranks are ravaged with students who are addicted to texting. I’ve heard some parents say that a text message is the only way they can communicate with their child (how sad is that?).

Considering text messages are getting so popular, I wonder if any EMR companies have integrated text messaging into their software. The most obvious use would be to send a text message reminder about the appointment. I think many patients would love this service. A text message reminder for an annual pap smear or other follow up appointment would be really beneficial as well.

This really wouldn’t be that hard to implement since you can send an email which then goes to someone as a text message. The challenge is only figuring out which provider that person was on in order to send the email to the right place.

Is anyone doing text messages from their EMR? Certainly there are some HIPAA considerations here, but that should be covered by the agreement when they give you their cell number.

About the author

John Lynn

John Lynn

John Lynn is the Founder of the HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • Observations:
    Text Messages are sent unecrypted through the Wireless carrier infrastructure.

    Sender and Receiver are identified by wireless phone number. How do I verify the Provider’s ID if a variety of cell phone numbers are used to send messages. How do I know if intended recipient receives the text message?

    You could use text message to request a live conversation with the patient where ID verification would take place.

    Ownership of a 5 digit SMS sender ID is expensive, but it solves problem of sender identity. Higher message volumes required to justify

    An alternative for lower volume message senders is to install an SMS network appliance and work with the appliance vendor’s contracted MVNO ( SMS middleman reseller) using their source address for all messages. SMS appliances on your network have cell phone radios embedded. More than one cell number could still be used

    Use of SMS is feasible if the security concerns do not violate HIPAA

  • There is also the issue of logs on both the phones and any potential logs that the carrier may keep.
    Since text messages are just like a smaller version of what e-mail has evolved into (quick, unsecure messaging), I don’t think we will be able to move beyond the use of them for notification that a message has been recieved in a secure portal rather than notification that a patients labs were abnormal.

  • PatientNOW Medical Record Suite 5.0 and Medical Spa Suite 3.0 provide text messaging for email appointment reminders and from the appointment screen. This has worked nicely as patients need multiple reminders. We support email reminders, text page reminders, post cards, and phone calls. Our reminders are based on appointment type. They are completely automatic. We haven’t seen a downside at this time. They don’t convey any data about the patient or a medical condition. For more information, you are welcome to contact me – Jerry Jacobson at jjacobson@patientnow.com or 800-436-3150 x86

  • Certainly you have to be cautious with your use of text messages. You can’t send lab results or something to them, but you usually wouldn’t want to anyway. That’s why I suggested it for appointment reminders. HIPAA shouldn’t be a problem if it doesn’t include PHI and they agreed to receive the notification when they first became a patient.

    I have a feeling this will become more and more popular as patients continue to use text messaging more and more.

  • Synapse EMR uses SMS, and Email for reminders about Appointments. And one can also tweet directly from the physician dashboard so patients can see if the clinic is running late.

  • While it is great to consider this as part of an EHR the probelm is txt messages are already in widespread use between providers. These messages and any emails between providers are fertile ground for plaintiffs in a medical professional liability case. These txt messages and even most emails usually do not make it in to the EHR so preservation and production of these messages years later can be very problematic. Also what goes into a txt or email can end up being very damaging in a malpractice case since most providers do not understand the discoverability of these media. One most consider the liability issues which are potentially far greater than any HIPAA or Red Flag implications.

  • Nice points to consider Patrick. Definitely have to look at the liability issues associated with an EMR. However, if it was integrated with an EMR, then the doctor would know to be more careful.

  • For text messages to be HIPAA compliant, they need to provide strong ESA encryption, audit logs, auto wipe, and very strong user authentication.
    Currently CellTrust is the only company that provides HIPAA compliant text messaging for healthcare.

  • Most patients will agree to having text messaging, or any messaging at all from their providers!

    Someone, anyone, point to where HIPAA requires that there be strong encryption. Even email can be sent in plain text if both parties agree to this. Encryption is a myth promulgated by companies preying on guillible physicians.

  • Graham,
    You hit the point that I’ve heard and followed. The key is to get consent from the patient before doing either things. Once you get consent you’re in a good position. Although there are some differences across states, so it may differ in different states.

    Also, you can be creative in the messages that are being sent. You can send the message with no PHI.

  • Yes John also to consider as a benefit to an EHR EMR linked up with TXT and email is that by having the TXT messages and or email as an integral part of the EHR/EMR the integrity of the metadata for these media hopefully will be preserved eternally. This needs to be the case for patient interaction txts and emails as well as for interprovider txting and emails. Read up on the new rules for e-discovery based upon the Federal Rules of Civil Procedures modified in 2006-2007. Most states now have their own rules related to electronic discovery too. So think of now in a mulitstate hospital system or multistate physician practice having to comply with several different rules for e-discovery all in the midst of a contentious medical negligence case. Add to that the unfortunate position of finding out the medicine is irrelevant due to txt messages or emails not haivng been preserved properly. Simply by opening a document to read it at any point or even to copy it for your lawyer you most likely overwrite the metadata that establishes the evidentiary nature of the document itself. This is why it is so important to get all correspondence somewhere its integrity can not be questioned 3 to 5 years down the road in your own defense.

  • Mack,
    What did you mean by ESA encryption. Did you mean ADVANCED ENCRYPTION STANDARD (AES) encryption?

  • Check out Tigertext.com, Tigertextpro.com and HIPAATEXT.com

    Yes, Security – encryption of data-at-rest and dat-in-motion.
    Yes, Privacy – Can’t copy or forward text message
    Yes, – Time to Live (TTL) control of your text message in terms of how long they live.

    Call me to request White Paper if interested.
    Paresh Amin – 949-421-7294 or
    Email: paresh@tigertext.com

  • Seems to me most of the problems go away if the mobile user is part of a community of providers that share data from an e-hub.

    The usual recommended access method to an e-hub is via Remote Desktop Connection or its equivalent (pretty secure way of connecting).

    Downloads from e-hubs (if absolutely necessary)usually are double/triple encrypted so there is not much to worry about re text uploads or data downloads.

    A problem of course arises when objects are downloaded and unencrypted.

    As for direct message exchanges sent to remote devices, these should be limited to “you have messages at the e-hub”.

    Regarding protection of unencrypted data at mobile device, a certain amount of discipline plus technology is needed (minimum length passwords, auto-log off, forced archive after a short period of time, remote kill switch etc).

    Problems are minimized when data stays at the e-hub.

Click here to post a comment