Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

HIPAA Patient Comms

v1.0.0

Draft patient-facing communications (appointment reminders, billing notices, follow-ups, recall messages) that avoid HIPAA violations. Flags risky language,...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for josh4hire/hipaa-patient-comms.

Install the skill "HIPAA Patient Comms" (josh4hire/hipaa-patient-comms) from ClawHub.
Skill page: https://clawhub.ai/josh4hire/hipaa-patient-comms
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install hipaa-patient-comms

ClawHub CLI


npx clawhub@latest install hipaa-patient-comms

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability

Name, description, templates, and the data fields requested (first name, date/time, phone, etc.) are coherent with a HIPAA-safe patient communications authoring tool. Templates and 'never include' lists align with the stated purpose.

Instruction Scope

The SKILL.md instructs collecting specific patient fields and provides templates and explicit PHI exclusions, which is appropriate. However, it is vague about where those fields come from (user input vs. automated retrieval). The tool list includes read_file and write_file without justification or constraints — this could enable reading local files or records containing PHI, which is outside the explicit guidance and increases risk.

Install Mechanism

Instruction-only skill with no install spec or external downloads. No code files to execute — this is low-risk from an installation perspective.

Credentials

The skill requests no environment variables, credentials, or config paths, which is proportionate. Still, the presence of file I/O tools is a form of environment access that is not justified by the SKILL.md and may permit access to sensitive local data.

Persistence & Privilege

The always flag is false, and there are no install-time actions or modifications to other skills or system settings. The skill does not request permanent presence or elevated platform privileges.
What to consider before installing
This skill appears to do what it says (draft HIPAA-safe patient messages) and the templates are sensible. The main risk is the declared tools: read_file and write_file. Before installing, confirm how the agent platform mediates those file operations and whether the skill will be allowed to read any local files or EHR exports. Prefer a configuration where the agent asks the user to paste or type only the specific allowed fields (first name, date/time, phone, balance) rather than automatically reading files. If file I/O isn't required for your workflow, remove or disable the read_file/write_file tools. Also verify the publisher (homepage and owner) and ensure messages are not sent automatically—require explicit user review/send. If you need stronger assurance, ask the publisher to add explicit SKILL.md instructions that: (1) require the user to provide fields interactively, (2) prohibit automated file or directory scanning, and (3) log and display any file-access attempts for user approval.


Runtime requirements

Runtime: Clawdis
OS: macOS · Linux · Windows
latest: vk9707g8hrbjfjss9gtfkc4cjcx83hpct
Downloads: 116
Stars: 0
Versions: 1
Updated: 1mo ago
Version: v1.0.0
License: MIT-0
Platforms: macOS, Linux, Windows

HIPAA Patient Comms

Draft patient-facing communications for medical, dental, and therapy practices that follow HIPAA safe-harbor guidelines. Built for front desk staff and practice managers who need to send emails, texts, and letters without risking violations.

When to Use This Skill

Use when the user asks to:

  • Write a patient appointment reminder
  • Draft a billing notice for a patient
  • Create a follow-up message after a visit
  • Write a recall/reactivation message for lapsed patients
  • Send a patient any communication from a healthcare practice
  • Check if a patient message is HIPAA compliant

HIPAA Rules This Skill Enforces

The Minimum Necessary Standard

Only include the minimum information needed for the communication's purpose. A reminder needs a date and time — not a diagnosis.

What NEVER Goes in Patient Communications (PHI)

These must NEVER appear in emails, texts, or unsecured messages:

Prohibited | Why
Diagnosis or condition name | "Your diabetes follow-up" reveals a condition
Treatment details | "Your chemotherapy session" reveals treatment
Medication names | "Your Metformin refill" reveals a condition
Test results | "Your lab results are normal" — any results
Provider specialty (if revealing) | "Your oncology appointment" implies cancer
Insurance claim details | Claim numbers, denial reasons
Full date of birth | Combined with name = identifier
SSN, MRN (medical record number) | Direct identifiers
Photos or images of the patient | Biometric identifiers

What IS Safe in General Communications

Safe | Example
First name only | "Hi Sarah"
Appointment date and time | "Tuesday March 25 at 2:00 PM"
Practice name and address | "Main Street Family Practice"
Generic purpose | "your upcoming appointment" (not "your cardiology appointment")
Office phone number | For the patient to call back
Patient portal link | "Log in to your patient portal for details"
Generic follow-up | "We'd love to see you for a visit" (not "time for your annual mammogram")

Communication Types

1. Appointment Reminder

Collect:

  • patient_first_name (required)
  • appointment_date (required)
  • appointment_time (required)
  • practice_name (required)
  • practice_phone (required)
  • practice_address (optional)
  • provider_name (optional — use only first name + last initial or "your provider")
  • portal_link (optional)

Rules:

  • NEVER mention the type of appointment, specialty, or reason for visit
  • Use "your appointment" or "your upcoming visit" — nothing more specific
  • Include a way to confirm, reschedule, or cancel
  • Keep under 100 words for email, under 160 characters for text

Template — Email:

Subject: Appointment Reminder — {{practice_name}}

Hi {{patient_first_name}},

This is a reminder that you have an appointment on {{appointment_date}} at {{appointment_time}} at {{practice_name}}.

Please arrive 15 minutes early. If you need to reschedule or cancel, call us at {{practice_phone}}.

See you soon!
{{practice_name}}

Template — SMS:

Hi {{patient_first_name}}, reminder: you have an appointment on {{appointment_date}} at {{appointment_time}}. To reschedule, call {{practice_phone}}. — {{practice_name}}
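The scan findings above recommend that the agent take only the specific allowed fields from the user rather than reading files. As an added example (not part of the skill), this renders the SMS template above from an explicit field dict, rejects any field that is not on the Collect list for an appointment reminder, and enforces the 160-character text rule. The sample field values are constructed; the template is reproduced with a plain hyphen before the practice name.

```python
# Added example, not the skill's own code: render the appointment-reminder SMS
# template from user-supplied fields only, enforcing the skill's Collect list
# and its 160-character limit for text messages.
import re

SMS_TEMPLATE = ("Hi {{patient_first_name}}, reminder: you have an appointment on "
                "{{appointment_date}} at {{appointment_time}}. To reschedule, call "
                "{{practice_phone}}. - {{practice_name}}")

# Field lists taken from the "Collect:" section for an appointment reminder.
REQUIRED = {"patient_first_name", "appointment_date", "appointment_time",
            "practice_name", "practice_phone"}
OPTIONAL = {"practice_address", "provider_name", "portal_link"}
SMS_MAX_CHARS = 160


def render_sms(fields: dict) -> str:
    """Fill the template from an explicit, user-supplied field dict.

    Raises ValueError on a missing required field, on any field that is not
    on the Collect list (so a caller cannot smuggle in a diagnosis or reason
    for visit), or on a result longer than the SMS limit.
    """
    missing = REQUIRED - fields.keys()
    if missing:
        raise ValueError(f"missing required fields: {sorted(missing)}")
    unknown = fields.keys() - REQUIRED - OPTIONAL
    if unknown:
        raise ValueError(f"fields not on the Collect list: {sorted(unknown)}")
    text = re.sub(r"\{\{(\w+)\}\}", lambda m: fields[m.group(1)], SMS_TEMPLATE)
    if len(text) > SMS_MAX_CHARS:
        raise ValueError(f"SMS is {len(text)} chars; limit is {SMS_MAX_CHARS}")
    return text


# Constructed sample input (not real patient data).
SAMPLE_FIELDS = {
    "patient_first_name": "Sarah",
    "appointment_date": "Tuesday, March 25",
    "appointment_time": "2:00 PM",
    "practice_name": "Main Street Family Practice",
    "practice_phone": "(555) 010-0100",
}

if __name__ == "__main__":
    print(render_sms(SAMPLE_FIELDS))
```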

2. Billing Notice

Collect:

  • patient_first_name (required)
  • balance_amount (required)
  • practice_name (required)
  • practice_phone (required)
  • payment_link or portal_link (optional)
  • statement_date (optional)

Rules:

  • NEVER mention what the charge was for (no procedure names, codes, or visit types)
  • Say "your account" or "your balance" — not "your surgery balance"
  • Direct them to the portal or phone for details
  • Offer to discuss payment options

Template — Email:

Subject: Account Balance Notice — {{practice_name}}

Hi {{patient_first_name}},

Our records show a balance of {{balance_amount}} on your account with {{practice_name}}.

For details or to make a payment, please log in to your patient portal or call us at {{practice_phone}}.

If you have questions about your balance or need to discuss payment options, we're happy to help.

Thank you,
{{practice_name}}

3. Post-Visit Follow-Up

Collect:

  • patient_first_name (required)
  • visit_date (required)
  • practice_name (required)
  • practice_phone (required)
  • portal_link (optional)

Rules:

  • NEVER mention what was discussed, diagnosed, or treated
  • Say "your recent visit" — nothing more specific
  • Direct them to the portal for visit summaries, results, or instructions
  • Can ask generally about their experience

Template — Email:

Subject: Thank You for Your Visit — {{practice_name}}

Hi {{patient_first_name}},

Thank you for visiting {{practice_name}} on {{visit_date}}. We hope your experience was positive.

If you have any questions or concerns following your visit, please don't hesitate to call us at {{practice_phone}} or log in to your patient portal.

Take care,
{{practice_name}}

4. Recall / Reactivation

Collect:

  • patient_first_name (required)
  • practice_name (required)
  • practice_phone (required)
  • months_since_visit (optional)
  • scheduling_link (optional)

Rules:

  • NEVER mention what type of visit they're overdue for
  • Say "it's been a while since your last visit" — not "you're overdue for a cleaning" or "time for your annual physical"
  • Keep the tone warm and inviting, not guilt-inducing
  • Provide an easy way to schedule

Template — Email:

Subject: We Miss You! — {{practice_name}}

Hi {{patient_first_name}},

It's been a while since your last visit to {{practice_name}}, and we'd love to see you again.

If you'd like to schedule an appointment, give us a call at {{practice_phone}} or book online.

We look forward to hearing from you!
{{practice_name}}

HIPAA Compliance Check Mode

If the user asks to "check" or "review" an existing message, analyze it using this process:

  1. Scan for PHI violations. Look for any of the prohibited items listed above.
  2. Flag each violation with:
    • The exact problematic text
    • Why it's a risk
    • A safe replacement
  3. Output format:
**HIPAA Compliance Review**

🔴 **VIOLATION:** "[problematic text]"
   Risk: [explanation]
   Fix: [safe replacement]

🟡 **WARNING:** "[borderline text]"
   Risk: [explanation]
   Suggestion: [safer alternative]

✅ **CLEAR** — No additional issues found.

**Corrected Version:**
[full corrected message]
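A minimal mechanical version of the check mode described above, added here as an example and not part of the skill: it scans a message against one constructed pattern per prohibited category from the PHI table, records the exact text, a risk note and a safe replacement for each hit, and prints the review in the skill's output format. The keyword lists and the sample message are constructed for illustration and are nowhere near exhaustive; a real deployment needs a curated vocabulary and human review.

```python
# Added example, not the skill's own code: a rule-based implementation of the
# HIPAA Compliance Check Mode. Pattern lists are constructed samples only.
import re

# (regex, risk, safe replacement), one sample rule per prohibited category.
VIOLATIONS = [
    (r"\b\d{3}-\d{2}-\d{4}\b", "SSN is a direct identifier", "[removed]"),
    (r"\bMRN\s*#?\s*\d+\b", "Medical record number is a direct identifier", "[removed]"),
    (r"\b(?:0?[1-9]|1[0-2])/(?:0?[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b",
     "Full date of birth combined with a name is an identifier", "[removed]"),
    (r"\b(?:diabetes|cancer|depression|HIV)\b", "Reveals a diagnosis or condition", "upcoming"),
    (r"\b(?:chemotherapy|dialysis|surgery)\b", "Reveals treatment details", "upcoming"),
    (r"\b(?:metformin|insulin|lisinopril)\b", "Medication name reveals a condition", "prescription"),
    (r"\b(?:oncology|psychiatry|cardiology)\b", "Provider specialty implies a condition", "upcoming"),
]
# Borderline wording gets a warning and a suggestion, not an automatic rewrite.
WARNINGS = [
    (r"\b(?:results?|lab work)\b", "Any mention of results is borderline",
     "direct the patient to log in to their patient portal"),
]


def check_message(message: str) -> dict:
    """Step 1 and 2 of the process: find violations, then build the fix."""
    violations, warnings, corrected = [], [], message
    for pattern, risk, fix in VIOLATIONS:
        for m in re.finditer(pattern, message, re.IGNORECASE):
            violations.append({"text": m.group(0), "risk": risk, "fix": fix})
        corrected = re.sub(pattern, fix, corrected, flags=re.IGNORECASE)
    for pattern, risk, suggestion in WARNINGS:
        for m in re.finditer(pattern, message, re.IGNORECASE):
            warnings.append({"text": m.group(0), "risk": risk, "suggestion": suggestion})
    return {"violations": violations, "warnings": warnings, "corrected": corrected}


def format_review(result: dict) -> str:
    """Step 3: render the findings in the skill's output format."""
    lines = ["**HIPAA Compliance Review**", ""]
    for v in result["violations"]:
        lines += [f'🔴 **VIOLATION:** "{v["text"]}"', f"   Risk: {v['risk']}", f"   Fix: {v['fix']}", ""]
    for w in result["warnings"]:
        lines += [f'🟡 **WARNING:** "{w["text"]}"', f"   Risk: {w['risk']}",
                  f"   Suggestion: {w['suggestion']}", ""]
    lines += ["✅ **CLEAR** — No additional issues found.", "", "**Corrected Version:**", result["corrected"]]
    return "\n".join(lines)


# Constructed sample message (not real patient data).
SAMPLE_MESSAGE = ("Hi Sarah, reminder: your diabetes follow-up is Tuesday at 2:00 PM. "
                  "Your lab results are ready. Please bring MRN 00417.")

if __name__ == "__main__":
    print(format_review(check_message(SAMPLE_MESSAGE)))
```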

Stop Conditions

  • Do NOT generate if the user wants to include diagnosis, treatment, or condition information in an unsecured communication. Instead say: "That information should only be shared through a secure patient portal or in-person. I can help you write a message that directs the patient to their portal."
  • Do NOT provide legal advice about HIPAA. Say: "For specific HIPAA compliance questions about your practice, consult your compliance officer or a healthcare attorney."
  • Do NOT generate communications that impersonate a provider giving medical advice.
  • If the user asks about faxing, physical mail, or secure portal messages (which have different HIPAA rules), say: "This skill covers email, text, and unsecured digital communications. Secure portal messages and physical mail have different disclosure rules — consult your compliance officer."
