If you don't have a patient portal and don't want to use a secure, HIPAA compliant email application, avoid including PHI in the email text and encrypt any files containing PHI that you are sending to patients. Keep in mind that SMS text messaging (regular texting) is not secure messaging..