HIPAA Regulations & SMS
HIPAA compliant SMS is perfectly attainable, so long as you work with the right communications partners.
By Michael Bratschi

There are sources that advise healthcare providers to avoid SMS altogether, because HIPAA regulations around SMS are too difficult to navigate.
However, there is a strong demand for SMS communication in the healthcare industry.
It's just important to keep HIPAA regulations and compliance in mind when designing your customer communications.
Take advantage of insights from 1 billion+ messages with our '2023 Guide to SMS and MMS'. Download your copy to learn from Telnyx experts and shape your ideal SMS/MMS strategy.
HIPAA compliance for SMS is essentially a matter of encryption and access. Healthcare providers must protect patient data from being accessed by anyone outside of the healthcare organization.
What does this mean for healthcare providers?
What this means for healthcare providers is that they must conduct any SMS communication with patients over a completely secured and encrypted network. This includes networks that are outside the healthcare organization’s management, such as telecom carrier networks.
Therefore, HIPAA compliance requires that any SMS provider which transmits healthcare SMS messages must encrypt those messages as long as they are in transit over the carrier networks and protect those messages from being intercepted by third parties.
There are a lot of theories about how a telecom carrier might do this. But, in practice, sending healthcare SMS messages over a private network—without using third-party networks—and encrypting healthcare SMS messages for as long as they are on the SMS carrier’s networks is the only way for an SMS provider to meet HIPAA compliance requirements.
This may seem complex. But, healthcare providers can weed out unqualified SMS providers with just two questions:
- Does the carrier send data only over a network that it owns and operates?
- Can the carrier encrypt data from end to end?
If the answer to either of these questions is “no,” then it is unlikely that the carrier can meet the HIPAA requirements for healthcare SMS.
To find out more about healthcare SMS regulations and best practices, talk to our experts.