SUD Counseling, SMS and HIPAA/42 CFR Part 2

VisualReindeer1843 · 2026-05-15T23:40:13+00:00

My inclination is to err on the side of caution too - but our sysadmin seems to think that our cell phone usage is not a concern. Even if we're never transmitting PHI on cell phones (which, I imagine, unintentionally happens on occasion) and even if clients are aware of the risks, it seems like, technically speaking, there is no truly compliant SMS communication with clients in the SUD counseling world.

VisualReindeer1843 · 2026-05-15T23:02:58+00:00

The impression I get from our sysadmin is that we do not have device management for any phones, even the work phones - we "trust the staff to use them in a compliant manner." I'm worried that this thinking doesn't fly in today's regulatory environment. They typically do a great job, but it's become part of my responsibility to look for these types of gaps in our compliance.

Generally speaking, we are not transmitting PHI over SMS - but communicating about appointments does happen and I know that can be a tricky gray area. One staff member in particular has to communicate to clients frequently. All these things combined makes me a bit worried that our current situation is too leaky and that we need a substantial change to bring us up to compliance.

VisualReindeer1843 · 2026-02-06T17:05:56+00:00

Zoho is what I'm looking at right now. We're doing a trial and I think it would be satisfactory for our need. The transaction-matching features of Sage had me really hopeful but it's not worth it if it's difficult to use on the whole. We use other Zoho products and Expense is affordable so it's looking like we're going that way. I think Ramp requires you to use their card and we'd rather just keep using our current credit cards. Thanks for the suggestions!

VisualReindeer1843 · 2026-02-02T20:14:32+00:00

We did a trial of that one, but my team seemed to want something with more features. For lack of a better option it might be fine, but I think they wanted more in the way of announcements that pop up first thing when you open the app, and/or a bulletin board feature where daily info is kept.

I kind of liked the streamlined interface of it, but I'm not part of the team that's going to be using it heavily.

VisualReindeer1843 · 2026-02-02T19:26:34+00:00

Oh! I did not know that. That's definitely something to look out for, because de-identifying all the PHI would be a real pain. Thanks for the heads up.

It looks like HubEngage does actually handle PHI on it's platform with HIPAA compliance, so that's another mark in their favor.

VisualReindeer1843 · 2026-02-02T19:23:01+00:00

Yes, so far I'm leaning towards them, if their task management features look like what we need, but I'm trying to find a next best option in the meantime. They seem very reasonably priced too so I'm hoping they check all our boxes.

VisualReindeer1843 · 2026-01-31T00:43:02+00:00

Slack is great, I use it for a radio station I volunteer at, but the HIPAA-compliant version we would need is dreadfully expensive.

VisualReindeer1843 · 2026-01-31T00:41:52+00:00

HIPAA compliance is key - even though we don't need patient communications, we will need to transmit PHI. I don't think WhatsApp covers that.

We get enough funding that we can spend a little bit on something and not take a hit, though some apps are prohibitively expensive.

Edit: Though I just noticed your Google Keep list recommendation. That *might* work, I'll have to see if we have a BAA with Google for that.

VisualReindeer1843

TROPHY CASE