Northern Virginia Surgical Arts – Communication & Text Messaging Policy

To ensure a consistent, secure, and professional standard of communication with our patients and partners, Northern Virginia Surgical Arts (NVSA) authorizes the use of approved third-party messaging platforms for business-related text messaging. This Communication & Text Messaging Policy supplements our existing privacy and computer use policies.

1. Purpose

This policy governs the use of third-party texting services for communication with patients, referring providers, vendors, and team members. It is designed to:

  • Protect patient privacy and comply with HIPAA and all applicable federal and state regulations
     
  • Ensure all communication is professional, accurate, and aligned with NVSA’s standards
     
  • Provide clear expectations for proper usage and monitoring
     

2. Approved Use

  • Text messaging through authorized third-party platforms (e.g., Podium, Klara) is permitted for scheduling reminders, confirming appointments, answering patient inquiries, and sharing general practice information.
     
  • Messages must be business-related. Personal use of texting platforms is strictly prohibited.
     
  • PHI (Protected Health Information) may only be communicated through secure, HIPAA-compliant platforms.
     
  • Marketing messages must comply with applicable opt-in/opt-out regulations, including the Telephone Consumer Protection Act (TCPA).
     

3. Consent and Opt-Out

  • Patients must provide prior consent to receive text messages.
     
  • All outbound marketing messages must include clear opt-out instructions (e.g., “Reply STOP to unsubscribe”).
     
  • NVSA will honor opt-out requests promptly and ensure patients who opt out are excluded from future messages.
     

4. Monitoring and Privacy

  • All text communications sent via third-party platforms may be monitored, audited, and stored by NVSA.
     
  • Employees have no expectation of privacy when using these systems for business purposes.
     
  • NVSA reserves the right to access, review, and retain all messages in the ordinary course of business.
     

5. Prohibited Use

The following are strictly prohibited:

  • Sending PHI over unsecured or non-approved platforms
     
  • Using messaging platforms for personal communication
     
  • Sending discriminatory, harassing, or offensive content
     
  • Sharing login credentials with unauthorized individuals
     
  • Disabling or circumventing platform compliance features (e.g., audit trails, opt-outs)
     

6. Compliance

Employees must complete all required training on HIPAA and secure messaging before being granted access to third-party communication platforms.

Violations of this policy may result in disciplinary action, up to and including termination of employment.

Questions or Concerns:
Please direct any questions about this policy to the Office Manager, Operations Director, or HR.