Sponsors

Latest Announcement

HRMA Legislative Bulletin November Topic: HIPAA & Electronic Communications — Texting and Emailing PHI

Download the PDF version of this announcement Overview...
Read More ►

Chapter Announcements

HRMA Legislative Bulletin November Topic: HIPAA & Electronic Communications — Texting and Emailing PHI

Nov. 1, 2025

Download the PDF version of this announcement

Overview 

HRMA Legislative Bulletin November

HIPAA & Electronic Communications — Texting and Emailing PHI 

Why This Matters

Employers in Massachusetts who sponsor health plans, operate onsite clinics, or contract with vendors handling health information must follow HIPAA’s Privacy and Security Rules and Massachusetts data-security regulations (201 CMR 17.00). With OCR strengthening enforcement and new Security Rule updates on the horizon, texting and emailing PHI remain high-risk areas requiring clear policies and safeguards. 
2025 Regulatory Highlights

  • HIPAA Security Rule Updates: HHS is proposing stronger requirements around encryption, logging, and incident response.
  • Massachusetts Rules: State law adds additional obligations for safeguarding personal data and reporting breaches.
  • Enforcement Trends: OCR continues to penalize organizations for unsecure text/email practices and lack of risk assessments. 


Download the November Legislative Update, which includes:

  • Do's & Dont's
  • Quick Consent Language
  • Next Steps for Employers 
  • Additional Resourcecs

 Facebook            LinkedIn