Short, plain-language definitions of the HIPAA and messaging terms you will run into when evaluating a texting platform.
Get started for freeSchedule a demo →Settings that control who can open patient information. HIPAA expects each user to have their own login, and admins must be able to remove access the day someone leaves.
A record of who accessed or sent patient information. When an auditor or a patient asks what was communicated, the audit log is what you produce.
The HIPAA-required contract between a healthcare organization and a vendor that handles PHI on its behalf. Without a signed BAA, patient data cannot go on that vendor's systems.
Sending one message to a list of patients at once, delivered as individual texts. Each reply comes back as a private conversation, so no patient sees another patient's reply.
Any company that creates, receives, stores, or sends PHI on behalf of a healthcare organization. Texting platforms, billing services, and cloud hosts all qualify, and each needs a signed BAA.
A health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically. Most practices, clinics, and agencies are covered entities under HIPAA.
A digital version of a patient's chart, built to follow the patient across providers and organizations. EHRs hold PHI, so they need the same HIPAA safeguards as any other system.
A digital chart used inside a single practice. People often use EMR and EHR interchangeably, but an EHR is designed to move with the patient between organizations.
Scrambling data while it travels over the network (in transit) and while it sits on servers (at rest). HIPAA expects both for electronic PHI.
The part of HIPAA that sets standards for protecting electronic PHI. It requires administrative, physical, and technical safeguards, including access controls, encryption, and audit logs.
The unique number a practice assigns to a patient's chart. It is one of the 18 HIPAA identifiers, so a message containing an MRN contains PHI.
Health information that can identify a patient, held by a covered entity or business associate. A name and phone number tied to an appointment already qualify.
Indicators that show who has seen a secure message. In BloomText, read receipts apply to secure messages and show who has viewed each message, so your team knows an update was picked up.
A link sent over normal SMS that opens an encrypted conversation. The patient taps it and replies from any phone without downloading an app, and the content stays off the unencrypted SMS network.
The standard way a patient stops receiving texts: replying STOP. Senders must honor opt-outs, and healthcare teams should record them.
Missing a term? Contact us and we will add it.