Obviously, I don’t need to tell you about how important it is to be aware of protected health information as it relates to HIPAA. But, when it comes to online patient submission forms, uploads, emails, social media, and so on, the list of things to know about how to protect ePHI is continually growing.
In this video, I’ll give you practical advice for how to make sure your practice’s online marketing strategy adheres to HIPAA guidelines.
No time for the video? Look over the notes below.
Small Part, Big Vulnerability
- Website and email changes are a small piece of HIPAA compliance. The vulnerability lies in how you behave.
- Compliance = technical + operational + behavioral changes.
- Make a good-faith effort to protect patient information, provide notice, secure consent, review compliance, and report breaches.
- Consult your legal counsel for more guidance.
Make Sure You and Your Staff Understand
- Whom to protect: existing patients and prospects
- What to protect: ePHI and privacy
- Where to protect: website form submissions, uploads, emails, text messages, social posts
Encryption: The Truth Is in the Middle
- Enrolling prospects in secure messaging will deter inquiries.
- Disclosing risks and securing consent should cover initial inquiries.
- Encryption is essential for PHI-laden messages and patient care.
Social Media Communications Are Covered by HIPAA
- Patient posts do not imply consent.
- Never violate privacy or post PHI.
- Publish HIPAA and privacy policies on your site.
- Require patients to accept terms and conditions of unsecure email on Web forms.
- Use email signatures to notify patients of email risks.
- Secure specific HIPAA releases in office.
- Consider executing business associate agreements (BAAs) with partners.
- Train, retrain, and monitor staff when handling ePHI.
- Include minimal ePHI in electronic communications.
- Get off electronic media quickly.
- Consider a secure messaging solution.
- Follow best practices for accessing, storing, and printing emails.
- Periodically audit your online activities and document findings.