Convincing your legal and privacy teams to allow you to text your members can be intimidating. Here’s how to get it done.
“We can’t do that. There’s too much risk.” I have spent enough time in and around large health insurance companies to hear this line quite a few times. Sometimes it’s appropriate. After all, there are smart people working at these companies trying their best to ensure nothing bad happens to members or their data, and the information that might be exchanged via SMS is simply too sensitive. There are real risks.
“We can’t do that. there’s too much risk.”
But too often this response is simply a reflex, one based on the false belief that text messaging is too risky. More often than not, “too much risk” is merely a stand in for “too difficult to figure out.” It’s much easier to say “no” than it is to determine how to communicate via text in a safe way that protects member privacy.
The reality is that you can navigate HIPAA and the Telephone Consumer Protection Act (TCPA) — not to mention your legal teams — to text your members legally, safely, and effectively. Here’s how.
Step 1: Get Inside Your Legal Team’s Head
Getting your legal and privacy teams to sign off on your plan requires navigating their concerns and the concerns of the larger corporate bureaucracy. Here are a few things to remember as you start down this road.
Even though it may not always feel like it, your privacy and legal partners are also looking to create an enjoyable, safe, and effective experience for your members. But they look at the world from a perspective different from yours. Their job is mitigating risk, not designing care management programs or improving member health outcomes. They evaluate risk first by identifying it and then assessing the likelihood that that risk could result in some kind of damage to the company. If the risk is greater than zero (pretty much always the case), you’ll need to focus on why the risk is worth it.
That means when you bring them your SMS proposal, expect them to tell you about all the reasons it could go badly. To convince them that it won’t go badly, you must first understand their concerns and then demonstrate that your strategy mitigates those risks appropriately.
Step 2: Design a Strategy Your Legal Team Will Love
Any texting program will have to answer three basic questions.
(Note: this information is not legal advice, and you should consult internal or outside counsel before sending text messages. Our outside counsel made us add this.)
Who are you texting?
A common misconception is that you can only text people that have given you written consent. For healthcare payers and providers, the required consent happens when a member voluntarily provides their mobile phone number. The TCPA refers to this as prior express consent. Think of it as implied consent: if the healthcare payer has their number, consent is implied.
How will you text?
With proper consent in hand, the rest is fairly common sense: don’t text too often — no more than once per day, three times per week — and if someone asks to stop receiving texts from you…stop sending them texts. Simple. What times of day you text, which days of the week, how often, etc., will be determined by the members you’re trying to reach. Experiment.
What can you say?
Next, what to text — this area is most controlled by HIPAA. A few guiding principles. First, texting, like email, is not a secure method of communication. As a result, don’t include any protected health information (PHI) in the text unless you have permission from the recipient, especially information about specific clinical conditions or a diagnosis. You might have implied consent to text them, but you don’t have consent to share personal information.
Second, don’t try to sell something or market to your members via text. Raising awareness about a particular benefit included in their plan is appropriate, but texting them anything that is designed to result in a purchase or payment from the recipient requires another level of consent (prior written express consent). Plus, your members won’t like it and your strategy will fail.
A Journey Worth Taking
All of this might seem hard and like a journey you don’t want to take, but if you care about engaging members and improving health outcomes, it’s incredibly important that you go on this journey. Three reasons:
- Your members expect it.
Yes, all of your members. Even the ones above the age of 65. In fact, they’re the ones who respond to it best. - Hard-to-reach members really need it.
For those most in need of help from a healthcare and social care system — especially one that is not designed to work for them — SMS can be an incredibly powerful tool. Often, this is the only way to reach these members. - They all demand privacy.
Ultimately, your members expect you to provide a safe, quality user experience. That expectation is set by all the other companies they interact with who deliver a good user experience and responsibly use SMS as a channel for communication.
We can do that. Those risks can be mitigated.”
Some teams may look at all of this and still think it’s too risky. The truth is that it can be if you are not prepared to wrangle privacy and consent appropriately. The advice here will help you convince a skeptical legal team to help you implement an SMS strategy.
We know it’s possible, because the founding team at Reema has been helping large health insurance companies send text messages to their members for years. We also know it’s possible because it’s how we successfully engage hard-to-reach members and connect them to the services they need today. We’ve built our entire product, systems, training, and teams around doing this well. We’ve also convinced the most reluctant legal teams to let us text their members. Sometimes we even make them smile. We know the rules and not only abide by them but create a pleasant member experience that incorporates them seamlessly.
Make no mistake: whether or not you start a text messaging program is a business decision, one that requires weighing risk and reward, much like any other business decision you make each day. We know the risk is manageable and can be mitigated nearly to zero. And we know the rewards of communicating with your members in the manner they prefer by delivering information when and where it’s needed through an experience they can trust. The risks can be addressed, members can be meaningfully engaged, and SMS can dramatically improve health outcomes. Don’t let the phrase “it’s too risky” keep you from making a real difference.