HIPAA-aware SMS for wellness practices
Disclaimer: This post is general education, not legal advice. HIPAA compliance is fact-specific. Talk to a healthcare attorney about your practice’s exact obligations.
Most wellness practitioners assume one of two things, both wrong:
- “I’m not a doctor so HIPAA doesn’t apply to me”
- “HIPAA means I can never text my clients”
The reality is between these poles, and it matters because SMS is one of the highest-leverage client-engagement tools you have.
Who is actually a HIPAA-covered entity
You may be a “covered entity” if you:
- Bill insurance for any services
- Receive health information from another covered entity (referring MD)
- Are a licensed medical provider (MD, DO, DC, ND, RD, RN, NP, PA)
You may not be a covered entity if you:
- Operate as a coach (not licensed medical)
- Don’t bill insurance
- Don’t receive PHI from other covered entities
Even non-covered-entity wellness coaches benefit from HIPAA-aware practices — both as good ethics and because your contracts (with HighLevel, with payment processors, with HIPAA-covered referral partners) may require it.
What HIPAA actually says about SMS
HIPAA doesn’t prohibit SMS. It requires that PHI in SMS be protected appropriately. In practice this means:
- Encrypted in transit — most modern carrier SMS qualifies, but confirm this with your carrier and SMS provider rather than assuming it
- Patient consent — written, specific consent to receive health information by SMS
- Risk-assessed — the practice has documented why SMS is the appropriate channel
- Minimum necessary — only PHI required for the communication
What this looks like operationally:
Safe SMS patterns
These are SMS messages that don’t contain PHI (or where PHI is appropriately handled):
- ✅ Appointment reminders without health context: “Hi Sarah, reminder you’re booked Tuesday at 2 PM. Reply YES to confirm.”
- ✅ Generic check-in pulses: “How are you feeling today? Rate 1–5.”
- ✅ Generic content links: “This week’s recipe pack: [secure link]”
- ✅ Renewal nudges: “Your package ends Friday — continue here: [link]”
- ✅ Secure-link redirects to portal: “Your lab results are ready — view in portal: [secure link with auth]”
Risky SMS patterns
These need patient consent, a documented risk assessment, and ideally a BAA with your SMS provider:
- ⚠️ Symptom-specific check-ins: “How’s your IBS today? Bloating, BM frequency?”
- ⚠️ Medication reminders by name: “Time for your levothyroxine”
- ⚠️ Lab result summaries in-message: “Your TSH came back at 8.2”
- ⚠️ Diagnosis-referenced communication: “For your IBS, try the FODMAP guide”
Prohibited (or extremely risky) SMS
Never, regardless of consent:
- ❌ Lab result detail in plain text: “Your fasting glucose is 165, your HbA1c is 8.7”
- ❌ PHI exchanges with unverified contacts: sending to numbers not confirmed as the client
- ❌ Group SMS that exposes client identity to other clients: “Hi to the cohort — Sarah just hit her goal!”
- ❌ PHI to family members without explicit consent
How the Wellness Snapshot handles this
The snapshot’s SMS workflow defaults to “safe” patterns out of the box. For risky patterns, copy templates are pre-written to use secure-link redirects that bounce the client to the portal for any health info exchange.
For symptom-specific check-ins, the snapshot offers two modes:
- Generic pulse mode (safe SMS, full symptom logging happens in portal)
- Symptom-specific mode (requires patient consent flag set, BAA verification)
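The consent-flag and BAA gating described for the two modes can be expressed as a pre-send check. The following is an added example written for this post, not code from the Wellness Snapshot or HighLevel: the practice labels each template safe, risky or prohibited, and the gate decides per client whether the message goes out as written, falls back to a portal redirect, or is blocked. All class names, fields, sample clients and the lab-value lint pattern are constructed for illustration.

```python
"""Pre-send gate for wellness-practice SMS (constructed example).

Each outgoing template carries a tier assigned by the practice, mirroring the
post's safe / risky / prohibited distinction. The gate decides, per client,
whether the message may go out as written, must fall back to a portal
redirect, or must not be sent at all.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAFE, RISKY, PROHIBITED = "safe", "risky", "prohibited"


@dataclass(frozen=True)
class Client:
    name: str
    phone: str
    phone_verified: bool    # number confirmed as belonging to this client
    sms_phi_consent: bool   # written, SMS-specific consent to receive PHI
    portal_link: str        # authenticated secure link into the client portal


@dataclass(frozen=True)
class Template:
    tier: str                              # SAFE, RISKY or PROHIBITED (set by the practice)
    body: str                              # may use {name} and {portal_link}
    portal_fallback: Optional[str] = None  # PHI-free wording that redirects to the portal


@dataclass(frozen=True)
class Decision:
    action: str             # "send", "send_fallback" or "block"
    reason: str
    text: Optional[str] = None


# Defence in depth for templates labelled SAFE: a lab marker followed closely by a
# number suggests a result value crept into the copy. Heuristic only, not a PHI detector.
_LAB_VALUE = re.compile(
    r"\b(glucose|hba1c|a1c|tsh|ldl|hdl|cholesterol)\b[^.\n]{0,30}?\d", re.I
)


def _render(body: str, client: Client) -> str:
    return body.format(name=client.name, portal_link=client.portal_link)


def gate(template: Template, client: Client, *, provider_baa: bool, recipients: int = 1) -> Decision:
    """Decide whether `template` may be sent to `client` by SMS."""
    if template.tier == PROHIBITED:
        return Decision("block", "prohibited pattern: never by SMS, regardless of consent")
    if not client.phone_verified:
        return Decision("block", "recipient number not verified as the client")
    if recipients > 1 and (template.tier != SAFE or "{name}" in template.body):
        return Decision("block", "group SMS may only carry generic, non-identifying content")
    if template.tier == SAFE:
        if _LAB_VALUE.search(template.body):
            return Decision("block", "template labelled safe appears to contain a lab value")
        return Decision("send", "safe pattern", _render(template.body, client))
    # RISKY: requires both the client's consent flag and a BAA with the SMS provider.
    if client.sms_phi_consent and provider_baa:
        return Decision("send", "risky pattern: consent on file and BAA verified",
                        _render(template.body, client))
    if template.portal_fallback:
        return Decision("send_fallback", "consent or BAA missing: redirected to portal",
                        _render(template.portal_fallback, client))
    return Decision("block", "consent or BAA missing and no portal fallback defined")


# Constructed sample data for a stand-alone run.
SARAH = Client("Sarah", "+15555550100", True, False, "https://portal.example/s/abc123")
MAYA = Client("Maya", "+15555550101", True, True, "https://portal.example/s/def456")

REMINDER = Template(SAFE, "Hi {name}, reminder you're booked Tuesday at 2 PM. Reply YES to confirm.")
SYMPTOM_CHECKIN = Template(
    RISKY,
    "Hi {name}, how's your IBS today? Bloating, BM frequency?",
    portal_fallback="Hi {name}, quick check-in: log how you're feeling here: {portal_link}",
)
LAB_DETAIL = Template(PROHIBITED, "Your fasting glucose is 165, your HbA1c is 8.7")
LEAKY_SAFE = Template(SAFE, "Hi {name}, your TSH came back at 8.2")

if __name__ == "__main__":
    cases = [(REMINDER, SARAH), (SYMPTOM_CHECKIN, SARAH), (SYMPTOM_CHECKIN, MAYA),
             (LAB_DETAIL, MAYA), (LEAKY_SAFE, SARAH)]
    for tpl, client in cases:
        d = gate(tpl, client, provider_baa=True)
        print(f"{d.action:14} {d.reason}")
```

The tier is a label the practice assigns when it writes the template; the code only enforces the decision. The lab-value lint exists so that a template mistakenly filed as safe still gets caught before it reaches a client, and the fallback path is what turns a symptom-specific check-in into a generic pulse when consent or a BAA is missing.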
Your homework
- Identify whether you’re a HIPAA-covered entity
- If covered, ensure you have a BAA with HighLevel and your SMS provider
- Run an SMS audit — what patterns are you currently using?
- Update your patient consent forms to specify SMS use
- Train staff on the safe / risky / prohibited distinction
The bottom line
You can text wellness clients responsibly. You just need to know which patterns are safe and which need protection. The snapshot defaults to safe patterns; we walk you through the risky-pattern decisions during your 10 dedicated hours.