How To Send HIPAA Compliant Text Appointment Reminders

Updated on January 26, 2022

Although texting appointment reminders are allowed under Health Insurance Portability and Accountability Act (HIPAA) due to the fact that “appointment reminders”[¹] are considered part of the treatment of an individual and, therefore, can be made without authorization, new HIPAA privacy rules have recently added more regulations[²].

Sending HIPAA compliant appointment reminders has been shown to decrease appointment “no-shows”[³] and potentially enhance the patient-provider relationship. However, given the concern about data breaches, it’s important to understand the requirements of utilizing automated HIPAA texting appointment reminders and patient preferences. Certain safeguards must be in place, and the information provided in the message, email, or voicemail must be restricted to only what is necessary to confirm the appointment.

To ensure that you and your patients are protected, we recommend the following actions when launching a patient appointment reminder software:

  • Confirm your NPP (Notice of Privacy Practices) is updated and includes information about how to opt in and opt out for appointment reminders by SMS and/or email.
  • The NPP should be explicitly clear and state something similar to “You’ll be receiving automated SMS text message/email reminders about your upcoming appointments. If you would rather opt out, please notify us.”
  • Prompt patients to verify their contact information, including their phone number, regularly.
  • Provide an additional opt-in outside NPP; many people do not read the NPP, and texting appointment data may be unacceptable to some people.
  • Give patients the option for a preferred method of contact, or at the least, the ability to opt out of specific outreach methods.

Outreach Methods

  • IVR reminders. Interactive Voice Response-based calls also support user-inputted responses (e.g., “Press 1 to confirm, or 2 to cancel your upcoming appointment”).
  • SMS reminders
  • Email reminders
  • Push notifications
  • Bidirectional patient messaging

What to Include (and Exclude) from HIPAA Compliant Text Message Appointment Reminders?

When sending a HIPAA compliant text message appointment reminder, it is best to avoid being too specific. Keep in mind that practice names can infer types of treatment or conditions. For example, “Oncology Clinic” clearly indicates that the patient has cancer. Unless a patient has specifically authorized receiving information about their conditions, results, or treatment through text, it is considered an unauthorized disclosure of personal health information (PHI)[²].

Generic reminders include:

  • Appointment date and time
  • Provider’s first and last name
  • Location of the appointment

hipaa compliant text message appointment reminders
texting appointment reminders HIPAA









Using these tips allows you to get the most out of your patient portal and ensures you don’t compromise your patient’s right to privacy or cause any data breaches.

By centralizing a patient opt-in/out preferences in a single system, you become more compliant, avoid the over-sending of messages, and take smarter advantage of these communication tools.

Once patients have received an automated appointment reminder, there are several responses a patient can choose. If a patient can’t make an appointment, they can reschedule through patient self-scheduling software. This software provides patients with a means to contact their provider without calling into the office. Self-scheduling software ensures that patients can work their way through the proper clinical screening and select from conflict-free times within the patient scheduler. A self-scheduling solution is built to handle complex scheduling decision trees and is adaptable to any provider group.

hipaa compliant text message appointment reminders


Features and Benefits of Bridge’s Patient HIPAA Compliant Appointment Reminders

Through extensive integrations into many of the industry’s most prominent EHR/PM systems, our text messaging appointment reminders can send HIPAA compliant appointment reminders using real-time appointment data. Our comprehensive software uses known patient preferences to notify patients of appointments on their preferred platform (Email, SMS, In-Portal, Push Notification Via Mobile App) and in their selected language.

  • Customizable Messages. Providers can send mass messages as well as messages customized for a specific patient.
  • Bilingual. All messages are available in English/Spanish.
  • HIPAA-Compliant. We offer a HIPAA-compliant patient portal, which secures Protected Health Information (PHI).
  • Push Notification Capabilities. Send alerts to patients via their mobile devices.
  • EHR/PM System Integrated. Appointment data is sourced straight from the EHR/PM System, such as Greenway Health™, Centricity™, and NextGen®.
  • Custom Triggered Notifications. Trigger specific notifications for different types of appointments.

There are multiple ways to ensure patient data security when sending automated texting appointment reminders. One way is to make patients aware of automatic reminders via an opt-in within the notice of privacy practices. Healthcare organizations should be conscious of a patient’s preferred method of contact. To maintain HIPAA compliance, all messages sent to patients, including appointment reminders, should not include any protected health information.


DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge Patient Portal is not affiliated, endorsed, or sponsored in any way to the service providers mentioned in this article.

  1. (2015). Are appointment reminders allowed under the HIPAA Privacy Rule without authorizations. [online] Available at:
  2. Maheu. (2020). Appointment Reminder: HIPAA Rule Ads Additional Requirements For Patient Privacy. [online] | Professional Training & Consultation. Available at:
  3. Glauser, W. (2020). How can doctors reduce no-shows?. [online] Canadian Medical Association Journal. Available at:
Josh Orueta
Josh Orueta

Josh Orueta, our Chief Technology Officer, joined Bridge Patient Portal in 2013 as a product owner. Previously he worked with Electronic Medical Records (EMR) companies, major labs, and Practice Management (PM) software companies in the US. Josh leads a talented team of developers to enhance Bridge's patient engagement solutions continually.