Recommendations when using SMS messaging

• It is important to take steps to protect patient privacy when communicating with patients by telephone and SMS messaging.
• Always seek and document the patient’s consent before contacting them by telephone or SMS.
• Have clear policies and procedures in place for telephone calls, including leaving messages, and SMS messaging to help avoid privacy breaches.

Patients need to be able to contact the practice easily to make appointments and provide and receive information. You also need to know how to contact your patients quickly, especially when an urgent situation arises.

Ensure that you provide options for patients to be in contact with the practice, so they can choose the method that best suits them and are not disadvantaged by, for example, a lack of access to technology.

This factsheet explores short interactions and messages with patients. There is a separate factsheet on email communication with patients.

Telephone calls with patients

Patients usually provide their best contact details when registering with the practice for the first time. This should be recorded clearly in the patient’s record and routinely (ideally each visit) checked with the patient that it is current. You can also clarify with a patient during the consultation their preferred contact method for follow up, particularly for a time sensitive result. This should be noted in the patient’s file and followed when the results become available.

Leaving messages

A patient’s confidentiality can be breached simply by it becoming known they are seeking medical care. This can make it tricky to know when and how to leave messages if you can’t reach the patient.

If you use the details the patient has provided, then, it is reasonable to leave a short message asking the patient to contact you or the practice. This can be left on their personal voicemail service or with someone else who answers that number. No detailed information or results should be included in the message; just a name and return contact number. You should then document this in the patient’s record.

SMS messaging

The use of text messages for recalls and reminders has increased in medical practices due to:

• Patient demand – patients find it convenient to receive messages on their phones and are more likely to respond to a recall or reminder SMS message than a letter.
• Efficiency – a patient’s mobile phone number is increasingly becoming the most reliable contact information held in a patient’s file as it does not need to change when their other details might. It is also an instant form of communication.
• Cost – the cost of a text message is lower than the cost of a letter.
• Technology – many electronic health record and online appointment systems provide an easy way of sending and recording SMS messages. There is an option in some systems to receive a ‘read’ stamp, confirming the patient has read the message.

If the whole or part of the purpose of the reminder SMS is to advertise or offer goods or a service at the practice, you must comply with the Spam Act (Cth) 2003.

In this circumstance the SMS message must:

• clearly and accurately identify the organisation that authorised the sending of the message
• include accurate information about how the recipient can readily contact the organisation
• contain a functional and clearly presented unsubscribe facility.

Having clear policies and procedures for how and when you will contact patients and how they can contact you helps to set expectations early. The policy can outline the ways you will communicate with patients, and any methods not used and in what circumstances. It also helps to address how patients are best to contact you depending on their needs.

A staff policy helps as well, to set internal expectations of staff and to guide training such as how to triage incoming calls and to document any calls appropriately.

To encourage consistent use of the system in relation to SMS messaging, the policy should cover:

• who is authorised to send, receive and respond to SMS messages
• how messages are recorded in the electronic health records
• what information may be included or not included in an SMS message
• how patient consent is obtained and documented
• whether SMS messages are sent offering goods or health services
• what checks are made to verify the patient’s mobile telephone number is up to date and accurate.

1. Obtain and document consent

Your practice should record the patient’s preferred contact details when they first join the practice.

If you use SMS messages, you should inform patients that these are used as a reminder service for appointments and recalls. This can be done in the Privacy Policy and/or on the practice website. Just because patients have provided a mobile phone number does not automatically mean they agree to receive SMS messages.

Your practice should obtain the patient’s consent to receive SMS messages and the mobile number to use for the messages:

• in the patient registration form for new patients
• when confirming an appointment for existing patients
• through an online appointment or registration portal.

2. The patient’s contact details should be checked on a regular basis.

Routinely check with patients that their contact details remain current. Do this in a way that also respects their privacy. Ensure you also record any limits on the way the patient is happy to be contacted.

Where patients do not consent to be contacted by text messages this should be clearly documented to ensure that this does not occur.

3. Limit the information contained in messages

All messages for patients should be limited so that the risk of sensitive information being accessible to anyone else is reduced. Messages should not contain sensitive health information such as a description of particular test results that need to be followed up or the results of such tests (unless the patient expressly consents to this). The message should simply request that the patient contact the practice, as well as indicate (where appropriate) the level of urgency.

It is reasonable to send reminders about generic preventative screening tests (eg. cervical screening tests, skin checks, flu vaccines) as part of a practice’s preventative care role. However, it is best not to include the detail for the reminder but rather refer generally to a repeat screening test and a message to ring the clinical for more detail. Some systems allow you to send a link and the patient then logs in to obtain further details.

4. Implement a system for following up patients who do not respond

When recalling patients for test results the same principles apply to phone or SMS messages as for following up any test results. The extent to which patients are followed up will depend on the level of urgency and the clinical significance of their test results. 

See Avant's follow-up factsheet for more information.

In the case of routine preventative health reminders, it is generally not necessary to continue to follow up patients as they may have decided not to have a test performed at the practice.

5. Document all messages in the patient’s record

All telephone calls and messages form part of the medical records, as do SMS messages. A note needs to be made of the time and date of the call and what was included in the message. SMS messages need to be included in the patient’s record. Some electronic health record systems do this automatically.

Digital communication - what you need to know 

Office of the Australian Information Commissioner, Guide to Securing Personal Information and OAIC Notifiable data breaches report July-December 2019

Royal Australian College of General Practitioners, Text messaging in general practice

RACGP standards 5th edition

For medico-legal advice, please contact us here, or call 1800 128 268, 24/7 in emergencies.