Email and Texting PHI – HIPAA, TCPA and CMS Compliance

• Type: Live Webinar 
• Speaker: Paul R. Hales
• Date: July 31st, 2025
• Time: 01:00 PM EST
• Duration: 90 Minutes 

Course Description

Healthcare providers, insurers, and their business associates can avoid costly HIPAA and TCPA violations by following a straightforward “3-Step Safeguard” when using email and text messages that involve patient data. This safeguard, backed by the Office for Civil Rights (OCR), the Federal Communications Commission (FCC), and CMS, helps simplify compliance while ensuring patient communication remains effective and secure.

If a patient opts for it, HIPAA-covered organizations must use unencrypted emails or texts when sharing protected health information (PHI), provided certain conditions are met. This applies equally to business associates acting on behalf of these covered entities.

In this engaging webinar, we’ll break down the regulations using multimedia visuals to highlight compliance essentials. The focus is on how easily providers and vendors can stay compliant and protect their organizations against email and texting missteps involving PHI.

Topics We’ll Explore

• Key takeaways from HIPAA, TCPA, and CMS rules

• Understanding the full scope of what qualifies as PHI

• When encryption is mandatory for email or text communications

• When unencrypted messaging is required with patient consent

• HIPAA-compliant messaging: what you need to know

• Commonly misunderstood terms and legal definitions

• Step-by-step walkthrough of the 3-Step Safeguard

• Proposed updates to HIPAA’s Security Rule related to digital communication

• Overview of TCPA restrictions and when they apply

• CMS rules for provider-to-patient messaging

• Tips for building a scalable, compliant communication strategy

Why You Should Attend

This session delivers actionable guidance for healthcare professionals seeking clarity on compliance when using email or text to communicate PHI. You’ll learn how to implement and document the 3-Step Safeguard, know exactly when encryption is necessary, and ensure your outreach efforts are aligned with federal rules—all while keeping patient convenience and preferences at the forefront.

Who Should Attend

This training is ideal for anyone working within or supporting HIPAA-covered organizations, including:

• Healthcare Providers and Practice Owners

• Clinics and Hospitals

• Physical, Behavioral, and Occupational Therapy Providers

• Health Plan Administrators and Group Plan Managers

• Third-party Administrators and Vendors

• Compliance Officers and Privacy/Security Officials

• Patient Engagement and Outreach Teams

• Marketing Specialists in Healthcare

• Billing Services and Collection Agencies

• Attorneys and Legal Consultants supporting healthcare clients

• Practice Management Companies and Survey Vendors

• Business Associates handling PHI through digital communication platforms