How to maintain HIPAA compliance when sending automated appointment reminders

I always get the question “Are you HIPAA compliant?”, so today’s blog will touch a bit on what it means to be HIPAA compliant when sending out appointment reminders.

HIPAA stands for The Health Insurance Portability and Accountability Act of 1996. Essentially it has two primary functions:

  1. To protect the privacy and rights of private citizens regarding their healthcare information.
  2. To ensure that citizens would be able to keep their health insurance when changing jobs.

When sending reminders, we need to be aware of the first list item above. If your business operates in the healthcare field and you create and schedule appointments with customers, chances are that you either call your customers yourself or use an automated reminder service to remind them. If you use or are thinking of using an automated system to remind your patients of their appointments, following a few simple guidelines will ensure that you maintain HIPAA compliance when it comes to protecting the privacy of your patients.

According to the US Department of Health and Human Services, appointment reminders are considered part of the treatment of the patient and can, therefore, be made without authorization. This means that you can send manual or automated reminders to your patients to remind them of their appointments. However, they also state that “identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability”.

When sending appointment reminders to patients, include only the most basic, essential information that the patient needs to remind them of the appointment. It’s OK to include their name, appointment date & time, and name of the facility or the doctor’s name (as long as this does not disclose the type of appointment). Also, use only the patient’s first or last name if possible. Things that you should not include are the type of the appointment, test results, or diagnosis. You should also ensure that you are sending the reminders to the patient’s phone number or email address that is on file. You can allow the patient to call back into the system to get more details on the appointment, but only after they have identified themselves by providing a private PIN or some other means of identification such as MRN + Date of Birth.

You should allow the patient to easily opt out of the reminders by either responding to a text message or pressing a key on the phone. You should also maintain a do-not-call list and ensure that you check this list prior to sending any reminders. If the patient requests you to stop sending reminders, you should honor that request. Also, let your patients know how you will be sending the reminders and how you plan to use their phone numbers and email addresses.
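The guidelines above can be enforced in code rather than left to whoever writes the message template. The sketch below is an added example, not code from any reminder product; the record layout, the STOP/UNSUBSCRIBE keywords and the 10-digit US phone normalization are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime

OPT_OUT_WORDS = {"STOP", "UNSUBSCRIBE"}  # assumed opt-out keywords

@dataclass
class Appointment:            # hypothetical record layout
    first_name: str
    last_name: str
    phone_on_file: str
    when: datetime
    facility: str             # must not itself reveal the appointment type
    appointment_type: str     # held in the record, never put in a reminder
    diagnosis: str            # held in the record, never put in a reminder

def normalize(phone: str) -> str:
    """Reduce a phone number to its last 10 digits (assumes US numbers)."""
    return re.sub(r"\D", "", phone)[-10:]

def build_reminder(appt, destination, do_not_call):
    """Return the reminder text, or None when no reminder may be sent."""
    dest = normalize(destination)
    if dest != normalize(appt.phone_on_file):
        return None           # only the contact on file receives reminders
    if dest in do_not_call:
        return None           # patient opted out earlier
    # Built from an explicit allow-list: first name, facility, date and time.
    return (f"Hi {appt.first_name}, this is a reminder of your appointment at "
            f"{appt.facility} on {appt.when:%b %d at %I:%M %p}. "
            "Reply STOP to opt out.")

def handle_reply(sender, body, do_not_call):
    """Record an opt-out reply; return True when the sender was added."""
    if body.strip().upper() in OPT_OUT_WORDS:
        do_not_call.add(normalize(sender))
        return True
    return False

if __name__ == "__main__":
    # Constructed sample data, not a real patient.
    appt = Appointment("Dana", "Example", "+1 (555) 010-0199",
                       datetime(2030, 3, 4, 9, 30), "Main Street Clinic",
                       "Oncology follow-up", "constructed diagnosis")
    dnc = set()
    print(build_reminder(appt, "555-010-0199", dnc))   # minimal message
    handle_reply("5550100199", "stop", dnc)
    print(build_reminder(appt, "555-010-0199", dnc))   # None after opt-out
```

Because the message is assembled from named fields instead of the whole record, adding a new sensitive column to the appointment record cannot leak into reminders by accident.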

You can find more information on HIPAA and Appointment Reminders at these links: (U.T. Health and Science Center / HIPAA and Patient Care) (U.S. Dept of Health and Human Services)

