The traditional ways of making, confirming, and changing appointments, asking questions, and checking in pre- and post-procedure by phone is not only inefficient but often fraught with mistakes and frustration on both sides. As they strive for automation to remain competitive and meet patients' needs, medical and aesthetic practices need to improve how they connect with patients.

We do have the technology, however the Health Insurance Portability and Accountability Act (HIPAA) has not kept pace with the trends, which makes texting patient information a very risky business.

The Promise and Perils of Texting

We live on our mobile devices 24/7, so it's natural for consumers to warm up to the idea of hearing from an aesthetic physician's office via text, too, especially for routine communications, such as appointment reminders and prescription renewals. Text messages are an efficient way to transfer information on the go and in real time from anywhere in the world, which represents a major improvement from old school methods, such as calling, leaving voicemail messages, or emails. This method of interacting gives patients increased flexibility to connect with their doctors in the way they feel most comfortable and helps to enhance the patient experience by removing hurdles. It may also promote increased loyalty to your practice and cut down on cancellations and no-shows.

But a lot can go wrong. Your data and their medical records may be compromised, which in turn, means that the HIPAA gods can impose substantial fines, starting at the ticket price of that new Jag you had your eyes on.

For messaging to be secure, your communications must be encrypted before they ever get transferred. Basically, encrypted messages can only be read by the intended recipient. Even if your message gets intercepted during the exchange, it is still safe and protected from spying eyes.

It's not that simple, though. You may utilize a system that is heralded as “secure,” but it may not be “HIPPA compliant.”

So, what is an aesthetic practitioner to do?

For starters, download an app or subscribe to a platform that offers services to encrypt your data before you send it through normal unsafe channels. Search for “secure messaging solutions” to find out what is available for IOS and Android devices.

A white paper from suggests seeking out the following features to ensure that your “secure texting app” is also HIPPA compliant.

1. Remote-Wipe Capability. If a device is lost, you can keep confidential information safe by locking the application and deleting all information. This provides an added layer of protection for patient data.
2. Auditing. The app should let you know who has sent a message, who read it, and when.
3. Secure Network. Any application that lets you send a message outside the secure network is not HIPAA compliant.
4. Management of Attachments. Keeping the data within the application is necessary to maintain control, therefore, copying and pasting data, and saving photos and attachments should be restricted.
5. Authentication. A HIPAA-compliant app will not allow users to access or interact with any data unless they are authenticated.

Wendy Lewis is President of Wendy Lewis & CO Ltd, a marketing and social media boutique in New York City, and Founder/Editor-in-Chief of Reach her at