Privacy, Privacy, Privacy
It’s hard for many of us to remember what the days before HIPAA were like, when access to patients’ health info was fair game for just about anyone. Medical and dental offices may grumble about the complications HIPAA added to their practices, but it was obviously a law whose time had come.
There are many aspects to the original rules, as well as those added through HITECH and Omnibus (and whatever comes next...) – our intent is to make sure that any of the requirements that apply to the medical forms on your practice website are followed to the letter.
There are two areas where healthcare practices can get into HIPAA trouble – unsecured patient forms and email. If all you provide are non-submittable PDF forms on your website, there’s no privacy issue. If, however, you opt for the convenience and speed of online patient forms, they must follow a rigid set of rules set forth by HIPAA.
To begin with, they must reside on a secure URL (one starting with https) – this assures the patients that they are in fact on your website and not filling out a renegade form that’s attempting to capture their data. Next, the form should submit the patient’s entries in an encrypted format, directly to a secure server. Please note that regular email is not a secure way to send anything. And even if you employ secure email for form submittal, there are a host of conditions to fulfill regarding the way you store this info.
Our Secure Patient Forms Program provides a fully HIPAA-compliant method of patient form submission, storage and retrieval. We know of no other way to shortcut this procedure and still be compliant.
“What your doctor won’t tell you about...”
Nobody likes spam email. Ever wonder how spammers get hold of your email address, and why it’s so hard to get off their lists?
Let’s look at a common scenario. Someone hacks into your practice’s email account and harvests all your incoming and outgoing email addresses (and maybe even the message contents themselves). They then have a list of valid email addresses that were used in connection with a physician’s or dentist’s office. All it takes now is to contact one of the unethical list brokers they work with and make a sale, and your patients start getting spam emails targeting the diseases your office treats. If your patients then put two and two together...
“We’re contacting you to notify you of a breach of your Protected Health Information...”
We’ll bet you know what happens to your practice next.