HIPAA-compliant Text Messaging

Secure App-free SMS Messages

SecureText enables the sending of ePHI and other sensitive information directly to patient cell phones via regular SMS text messages. Fully HIPAA compliant. No consent needed.

Patients click on a link in the text messages, enter their PIN, and open the actual messages in a secure phone web browser.

If you can send email messages, you can send SecureText messages.

Talk to an Expert

What is SecureText^TM?

Your solution for HIPAA-compliant texts without the need for an App.

Watch the video to learn more.

HIPAA-compliant Texting

Is this your experience as a health care provider? Your patients are clamoring to speak with you or to set up and confirm appointments via text messages. Consequently, you feel pressured to use a questionable practice — text messaging — to relay healthcare information.

Text messaging is fast becoming the new normal for everyday communication due to its speed and convenience. Patients now want to use texting for their healthcare needs, as well. You, however, may have doubts about the suitability of text messaging in a healthcare setting, and, more important, its legality compared to more conventional modes of communication.

In most instances, sending electronic Protected Health Information (ePHI) by text message is a clear violation of HIPAA guidelines. If a breach of ePHI were to occur as a result, the healthcare facility involved could face fines of up to $50,000 per message. If your office were audited, would your policies and practices around text messaging comply with HIPAA?

At LuxSci, we want all your communications to be secure. Our SecureText service represents a unique solution to concerns about HIPAA-compliant text messaging. SecureText enables the sending of completely secure messages, including attachments.

All you have to do is remember "[phone_numer]@secure.text" to send SecureText messages to anyone from LuxSci WebMail, your favorite email program, or LuxSci's REST API.

Learn More

eBook: HIPAA-compliant Email Basics

Safeguarding your healthcare practice and protecting patient privacy

Book 1 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

Get the HIPAA eBook

FAQs: Perhaps you were wondering...?

How does SecureText work?

Watch our SecureText Demo video.

The sender of a SecureText message is a LuxSci user with LuxSci's SecureLine^TM encryption service.

The sender composes an email message in LuxSci WebMail or the sender's favorite email program (for example, Outlook, Thunderbird, or iPhone Mail) and sends the message to a special email address based on the recipient's cell phone number (for instance, "2114367789@secure.text" for a hypothetical recipient in the USA whose cellular number is "211-436-7789." The address is slightly different, but equally easy, for recipients in different countries).
After the sender hits send, the recipient receives a text message on his/her phone indicating that a secure message is waiting.
The recipient touches a short link in that text message, which opens up a Web browser on the recipient's phone:
- If the recipient has recently viewed another SecureText message, then the new message immediately loads and displays.
- If the recipient has previously viewed a SecureText message, but that was a while ago, the recipient will first need to enter the password that s/he set up to protect access to these secure messages.
- If this is the recipient's first SecureText message, then the recipient sets up a password for future access and enters an email address for password recovery. The recipient then gains access to view the message and is prepared to access future messages.
Once the recipient views the SecureText message, s/he can view or download files and securely reply to the message.

What is the benefit over regular texting?

With regular text messages, there's no expectation that the message is secure or private or protected from unauthorized access. Sending protected health information (ePHI) over a regular text message is a violation of HIPAA unless special safeguards are in place and the patient has given special consent. Sending ePHI over text to other healthcare workers is almost always against HIPAA. See: To Text or Not To Text: Texting under HIPAA.

SecureText protects the sensitive data during transmission, provides for authentication of the recipient, provides audit trails of message access, enables message expiration and forced message deletion, and comes with a HIPAA Business Associate Agreement from LuxSci. SecureText allows you to send your secure messages over text without the need for a special app and within HIPAA requirements.

Can I send SecureText messages to anyone with a cell phone?

You can send SecureText messages to anyone, in any country that has a cell phone with text messaging service. However, your recipient's phone will need access to the Internet (for example, by cellular data or WiFi) and a built-in Web browser to open the message.

Can I integrate SecureText into by own application?

Yes. SecureText messages (and secure email messages) can be sent via LuxSci's REST API. You sign up for a business email account with LuxSci to gain access to the system (create a 1-user @luxsci.net account if you do not need to host your email with LuxSci). Then, create and configure your API interface, subscribe to a level of texting credits to support your volume, setup Private Labeling to customize your messages and the SecureText portal, and get your own dedicated SecureText phone number from which your texts will originate.

Do recipients need to install an "App" to view SecureText messages?

No. SecureText works with the texting and Web browsing applications built into all modern smart phones. There's no need for the recipient to install a custom application or to learn special software.

Can someone reply to SecureText messages?

Yes. When viewing a SecureText message, a person can securely reply to that message and even include files (photos, for instance) from your phone.

How does the sender receive a SecureText reply?

The sending LuxSci user receives replies to SecureText messages as secure email to his/her email account.

Can I send long messages and/or files via SecureText?

Yes. None of the usual limitations of texting exist with SecureText. You can send long messages, HTML-formatted messages, and files in your SecureText messages. The total size of each SecureText message should be less than 100 MB.

Does SecureText support Read Receipts?

Yes. If the sender requests a read receipt, then s/he will always receive one when the recipient opens the message. Additionally, senders can see reports of all messages sent; these reports include message access histories.

Does SecureText have an API?

Yes. You can connect your software to SecureText for the automated sending of secure text messages via LuxSci's REST API. You application can easily send SecureText (and secure email) notices automatically and transparently through LuxSci.

How much does SecureText cost?

The SecureText service is part of SecureLine^TM and thus requires a SecureLine^TM license. Additionally, sending each SecureText message requires the use of texting credits to pay for the underlying texting service. For messages sent within the USA and Canada, each message generally uses 1 credit. Texting credits can be purchased on a pay-as-you-go basis for $20 per non-expiring block of 250 credits, or subscribed to on a recurring monthly "use it or lose it" basis for $10 for each block of 250 credits/month.

How many SecureTexts can I send in a day?

Pay-as-you-go accounts can send up to 250 SecureText messages each day.

Recurring accounts have a daily SecureText sending limit equal to their monthly subscription—up to 1,000 credits/day. I.e., if you get 1500 credits/month, then you can use up to 1000 credits/day.

Recurring accounts with Private Labeling can obtain a free dedicated sending phone number (a 10-digit US long code phone number) from LuxSci. Once that phone number has been added, these accounts have a daily SecureText sending limit equal to their monthly subscription up to 75,000 credits/day.

To send more messages in a day or to send faster than 1/second without queuing, a Short Code phone number will be needed. Please contact sales for pricing.

Security & Compliance Features

Feature
Data stored at rest using 256-bit AES encryption
Data transmitted using TLS
Data never transmitted directly in raw text messages
Data not stored on recipient mobile devices
Password-based recipient authentication
Audit trail of recipient logins and recipient message access
HIPAA-compliant
Permanent storage for all messages and attachments with Email Archival

Sending SecureText Messages

Feature
Send from LuxSci WebMail or any email program
Send via the LuxSci REST API
Send to multiple recipients in one message
Send to both secure email and SecureText^TM recipients in the same message
Send content and attachments up to 100 MB per message
Send attachments and images
No special application needed
Request and receive read receipts without the need for recipients to approve them
Notification text messages are customizable (with Private Labeling)
Obtain and use a custom texting phone number or short code (with Private Labeling)

Receiving SecureText Messages

Feature
Any smartphone with a Web browser and Internet access
View images and attachments supported by your smartphone
Secure reply to messages
Self-service password reset via configurable alternate email address
Quickly view new SecureText^TM messages without entering a password (as long as your IDLE timeout has not expired)
Session IDLE logout
Session logout on demand
View all sent and received messages in one place (with Private Labeling)