Texting In Healthcare

Facts about the Telephone Consumer Protection Act March 2021

Healthcare organizations need to balance regular communications with their patients while complying with federal mandates protecting consumer rights.  An important federal regulation healthcare organization must comply with is called the Telephone Consumer Protection Act (TCPA).   The TCPA is a federal law that restricts telephone calls and texting to residential lines as well as cell phones.  Patients must opt-in, in writing, and agree to receive your messages.  In addition to federal fines and penalties enforced through the Federal Communications Commission (FCC), private citizens have filed lawsuits under the TCPA, and have been awarded damages from $500 to $1,500 per text message.  So, ensuring your digital communications platform is compliant is important.

As noted by the TCPA, the use of text messaging by healthcare providers/organizations is subject to tight regulation.  In addition to the TCPA, healthcare providers/organizations must comply with the Centers for Medicare and Medicaid Services (CMS) and The Joint Commission (TJC), with each establishing their own criteria around permissible uses of texting.  Although heavily regulated, in 2015 the FCC created several narrow exceptions to the TCPA’s consent requirement.  Specifically, the FCC permitted healthcare providers to send prerecorded voice messages related to an urgent healthcare treatment purpose as defined under HIPAA to land lines, without receiving prior consent.

The FCC allows the following exceptions to messages sent to wireless devices and mobile phones:

  • Appointment and exams
  • Confirmations and reminders
  • Wellness checkups
  • Pre-registration instructions
  • Pre-operative instructions
  • Lab results
  • Post-discharge follow-up intended to prevent readmission.
  • Prescription notifications
  • Home healthcare instructions

The FCC places several conditions on excepted communications, including the following:

  • Patients may not incur charges for the message (cannot count toward the patient’s text/minute allowance).
  • Messages may only be sent to wireless numbers provided by the patient.
  • Messages must state the name and contact information of the healthcare provider (noting for voice calls, these disclosures must be made at the beginning of the call)
  • Messages cannot include telemarketing, solicitation, or advertising content, and cannot include accounting, billing, debt-collection, or other financial information.
  • Messages must comply with HIPAA privacy rules
  • Text messages may not exceed 160 characters
  • Only one message (either voice call or text message) may be left per day, and no more than three voice calls/text messages may be left per week.
  • Each message (voice and text) must provide an easy means to opt out of future messages.
  • Text messages must inform patients that they can choose to opt out by replying “STOP”, which is the sole means by which patients may opt out of such messages.
  • A healthcare provider must honor opt-out requests immediately.

In 2017, CMS further clarified its position regarding permitting text messaging of patient information by providers, stating:

  • Texting patient information among members of the healthcare team is permissible if a secure platform is used.
  • Texting patient orders is prohibited regardless of the platform used.
  • Computerized Provider Order Entry (CPOE) is the preferred method for entering patient orders.

So.  What should organizations do?

As a best practice, healthcare organizations that want to send text messages to patient’s cell phones should obtain prior written consent.  This can generally be handled during patient registration and other on-boarding activities.  The message needs to be clear and concise and should inform the user that:

  1. By agreeing to receiving text messages, that messages could be sent via voice or automated telephone dialing with an artificial or prerecorded voice.
  2. Inform you patients they are not required to sign the agreement; this is purely optional.

It is important to point out that the FTC (Federal Trade Commission) has allowed patient digital consent given via email, website click-sign form, texting, telephone key press and even voice recording.  This should encourage healthcare organizations to consider leveraging this technology.

In addition, healthcare organizations should be proactive and look closely at how, when and who sends voice and/or text communications to patients.  In particular, the organization should review:

  • Processes for obtaining consent
  • Current records of patient consent
  • Methods and vendors used to contact patients
  • Policies and procedures regarding how phone numbers are collected, calls/texts are logged, and “opt outs” processed
  • Training regarding permissible content.

The Benefits Outweigh the Risks:

The benefits of texting are too important for any practice not to take advantage of this service.

Studies show that the average consumer unlocks their mobile phone more than 150 times per day and 90% of text messages sent are read within 10 seconds of receipt.  Mobile technology is the main method of communication to the outside world, and they are always by one’s side.  Patients are more inclined to pay balances and review statements when the communication is sent in the form of a text message.  The need for mobile communications and the need for real-time e-visits was never more evident during the COVID-19 global pandemic.  Many regulations were loosened to allow for any form of telehealth method including commercial vendor such as Zoom.  It is expected that many regulations may be revisited and rewritten to allow for a more broader adoption of texting and other technologies within healthcare.

Finally, it is important that healthcare organizations partner with knowledgeable vendors that have years of experience in healthcare, understand security and are well-versed in current healthcare regulations.  HiLiteMD, provides a patient engagement ecosystem that solves healthcare’s biggest delivery challenges. Our software transcends the patient journey by automating tasks and communications securely with an approach that humanizes the patient digital health experience.  HiLiteMD, focuses on patient acquisition, communications, financial management and patient life-cycle management.  Most importantly, the founders of HiLiteMD have a combined 40+ years of healthcare IT leadership experience including HITRUST certification, directly managing large MSO’s and practices like yours.  HiLiteMD’s technologies were developed to answer many of your operational challenges under a single solution, avoiding the challenges of integrating too many systems.  Interested in learning more; please contact us at info@hilitehealth.com to schedule a free consultation.


  1. CMS, Center for Clinical Standards and Quality/Survey & Certification Group
  2. Telemedicine and Texting: Telephone Consumer Protection Act http://www/natlawreview.com/