Texting and E-mail with Patients: Patient Requests and Complying with HIPAAHIPAA Privacy Quiz
In the past few years, opportunities to communicate electronically have increased significantly and electronic communication (e-communication) is no longer limited to e-mail on the desktop. The advent of web enabled (or smart) phones and pad computers makes it possible to access information and send and receive messages anywhere there is a cell signal or wireless network. Mobile communication technologies have spread with remarkable speed. By the end of 2011, more than 5.6 billion people worldwide were using cell phones and smart phone purchases had outpaced computers. Physicians are embracing the technology.
HIPAA 2018 Changes
In this HIPAA session we will be discussing HIPAA 2018 Changes taking place in Washington with the Health and Human Services when it comes to the enforcement of the HIPAA regulations already on the books as well as some step-by-step discussions on the audit method and some current functions regarding HIPAA cases (both in courtrooms and from live audits).
Attend this Session
What not to Use
Do not use the patient's name, initials, or medical record number in the subject line of an email. Also, do not use direct patient identifiers in the message content. This includes:
- Names
- Phone numbers
- Fax numbers
- Electronic mail addresses
- Social Security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers and other personal details
HIPAA - Texting & Emailing in 2018
With the introduction of smartphones, emails have become the even more accessible form of communication. In conjunction with email comes the issue of security and them being intercepted and read by unintended persons. Precautions and steps are to be taken at every step of the way. So for a Healthcare concern or a business associate, it's a key to maximize patient communication tools while protecting itself and the organization from government penalties and patient lawsuits.
Attend this Session
Limit the amount of personal health record information you include in electronic communication. Don't include any highly sensitive information, such as:
- Mental Illness or Developmental Disability
- HIV/AIDS Testing or Treatment
- Communicable Diseases
- Venereal Disease(s)
- Substance (i.e., alcohol or drug) Abuse
- Abuse of an Adult with a Disability
- Sexual Assault and other sensitive details
HIPAA Privacy Officer: Module 1
HIPAA Privacy Officer Training will uncover all HIPAA and HITECH expectations in protecting patient and member's right to privacy and the confidentiality of Protected Health Information (PHI) as you engage in treatment, payment, and healthcare operations (TPO) services.
Attend this Session
What you need to know before you hit "send"
The HIPAA Privacy Rule permits healthcare providers to use e-mail to discuss health issues and treatment with their patients, provided they apply reasonable safeguards when doing so. These precautions are intended to prevent unintentional disclosures of ePHI and may include:
- Double and triple-checking the e-mail address to ensure accuracy before sending
- Sending an e-mail to the patient to confirm the address prior to sending any e-mail with ePHI
- Limiting the type or amount of information disclosed through e-mail, including ePHI
- Encrypting the e-mail prior to sending
- Alerting the patient to the relative risks of using unencrypted e-mail to communicate sensitive information, such as the potential for interception by a third party; having the e-mail read by a person with whom the patient has shared their e-mail login and password; accessing private e-mail on a public computer, such as in a library or on a shared computer at work
HIPAA Privacy Officer Module: 2
HIPAA Privacy Officer Training will cover all ongoing activities of a Privacy Program related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, and access to, patient health information in compliance with federal and state laws and the healthcare organization's information privacy practices.
Attend this Session
Privacy and Security
- Require passwords and current antivirus (malware) protection for all devices (pads, laptops, desktops, smart phones) including providers' personal devices.
- Most smart phone and pad computer users do not use a password, defer to the pre-programmed password or use a simplistic password that is easy to guess. Develop and enforce password requirements.
- The portability of smart phones and pad computers makes them highly vulnerable to theft, loss and electronic snooping. Inventory all portable devices used by providers to communicate protected health information. Ensure the ability to lock or remote wipe the devices if lost or stolen.
Most of the suggestions on e-mailing with patients also apply to text messaging (SMS), where applicable. It should be noted that, while a text message cannot be encrypted, there are third party vendors that offer so-called "HIPAA-compliant" text messaging services, which address the Person or Entity Authentication and the Transmission Security standards of the Security Rule.
It is important for practices, providers and patients to understand the risks and benefits of communicating health care information electronically and to mitigate and manage the risks appropriately.
