Is text messaging via HIPAA Compliant?

There are many reasons that Protected Health Information should not be sent via text.

Any information, including text messages, stored on's servers is encrypted with restricted access and is HIPAA compliant.  However, your patient's mobile devices are not. 

Senders of text messages have no control over the final destination of their messages. They could be sent to the wrong number, forwarded by the intended recipient to someone else, or intercepted while in transit. Copies of SMS messages also remain on the mobile carrier's servers indefinitely with no means of remotely retracting or deleting them.

There is no message accountability with standard SMS text messages because anyone could pick up someone's mobile device and use it to read messages, send a message, or edit a message and forward it.

For this reason and others, sending  Protected Health Information (PHI) via standard text could be considered a HIPAA violation with limited exceptions.

There are secure messaging services that require a patient to login into an app with access credentials to receive messages similar to text messages.  is not one of those services.

We work with the Compliancy Group to ensure our HIPAA compliance. This article from their team addresses texting and HIPAA compliance in detail. advises customers never to send PHI via text.