• Magazine
    • Past Issues
    • Subscribe
    • Change Mailing Address
    • Surveys
    • Guidelines for Authors
    • Editorial Calendar
    • Editorial Deadlines
  • Practice
    • Business Tips
    • Chiropractic Schools
    • Clinical & Technique
    • eBooks
    • eCourses
    • Infographics
    • Quizzes
    • Wellness & Nutrition
    • Personal Growth
    • Podcast
  • Resource Centers
  • Products & Services
    • Buyer’s Guide
    • Products Directory
    • Submit a Product
    • Vendor Login
  • Datebook
    • Become an Events Poster
    • Post an Event
    • View Events
  • Jobs
    • Jobs
    • Post a Job
  • Advertise
    • Advertising Information
    • Media Kit
    • Contact Us
    • Upload Advertising

Your Online Chiropractic Community

Chiropractic Economics Your Online Chiropractic Community
Subscribe
  • Home
  • Current Issue
  • News
  • Webinars
  • Chiropractic Research
  • Students
  • Coronavirus (COVID-19)

Is your communication with patients HIPAA compliant?

Kaitlin Morrison December 21, 2015

Electronic-communication-woman-using-smartphoneEmail and text messaging are very convenient ways people communicate, including many of your patients. These forms of communication, however, are not always compliant with HIPAA standards and may put your patients’ privacy at risk.

By understanding how HIPAA applies to your electronic communication, you can make your communications more effective while also maintaining compliance and respecting your patients’ privacy rights.

Mobile device use

To help healthcare providers understand the HIPAA communication rules for smartphones and other mobile devices, the U.S. Department of Health and Human Services published a website with specific guidelines including a mobile device fact sheet and a “Guide to Privacy and Security of Electronic Health Information”. In summary, mobile devices must be used in such a way as to protect patient information, using reasonable safeguards.1

In effect, this rules out the use of unsecure networks and unencrypted communication methods like texting. Unsecured text messaging may not be used to communicate patient information, either with patients or colleagues.1 However, using necessary safeguards or adopting secure third-party software to facilitate secure texting is an option.²

When considering mobile device use within your practice, these five steps will help you determine how to uphold HIPAA requirements: ²

  1. Determine if mobile devices will be used with patient information. This includes EHR use, using mobile devices as part of your organization’s internal system or “used to access, receive, transmit or store patients’ health information.” You must conduct a risk analysis and consider the risks that apply to your organization if you ultimately decide to use mobile devices in any of these ways.
  2. Analyze your use (or planned use) of mobile devices to send health information. Look for threats and potential vulnerabilities.
  3. Create your own custom strategy based on the vulnerable areas you identified in step #2. This strategy must include appropriate “privacy and security safeguards” and be regularly evaluated. In your plan, be sure to include your strategies for updating, maintaining and evaluating your strategy regularly.
  4. Create, record and begin using your policies and procedures for mobile device use. These should protect patient information and help staff members understand how to appropriately use mobile devices.
  5. Begin training staff members about protecting patient information and how to use their mobile devices in accordance with your policies and procedures. Conduct training on an ongoing basis to provide the most up-to-date information.

Email

Email communication with patients is acceptable as a long as healthcare providers make a reasonable effort to protect patient information.³ Unencrypted messages must take care not to reveal too much personal information. Precautions must be taken to ensure that messages are sent to the correct email address. Patients may ask for an alternative form of communication instead of email, as long as the request is reasonable.

Healthcare providers may safely assume that email is appropriate communication with a particular patient if that individual initiates email contact by sending an email message to the provider.³ If the patient requests a different form of communication, you should offer something more secure such as mail or phone communication.³

Know your use of information

You should do your own due diligence by researching HIPAA guidelines and determining how they apply to your practice’s use of electronic communications. Also, be aware that these regulations do change. Other regulations may apply to your practice and you must be prepared to comply with them.

Being prepared and using electronic communication responsibly demonstrates your concern for protecting patient privacy and offering the best care possible.

 

References

1 The U.S. Department of Health and Human Services. “Can you use texting to communicate health information, even if it is to another provider or professional?” https://www.healthit.gov/providers-professionals/faqs/can-you-use-texting-communicate-health-information-even-if-it-another-p. Published January 2013. Accessed November 2015.

2 The U.S. Department of Health and Human Services. “Managing Mobile Devices in Your Health Care Organization.” https://www.healthit.gov/sites/default/files/fact-sheet-managing-mobile-devices-in-your-health-care-organization.pdf. Accessed November 2015.

3 The U.S. Department of Health and Human Services. “Does the HIPAA Privacy Rule permit health care providers to use email to discuss health issues and treatment with their patients?”

Related Posts

  • Audit trails, audit controls, and security within the chiropractic practiceAudit trails, audit controls, and security within the chiropractic practice
  • Is your cloud provider HIPAA compliant?Is your cloud provider HIPAA compliant?
  • Building a chiropractic EHR vendor relationshipBuilding a chiropractic EHR vendor relationship
  • Using tablets to collect patient informationUsing tablets to collect patient information
  • Performing a chiropractic security risk assessmentPerforming a chiropractic security risk assessment
  • Are you really HIPAA compliant?Are you really HIPAA compliant?

Filed Under: Practice Management Software, Resource Center

Current Issue

Follow Us

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn
  • YouTube logoYouTube logoYouTube

820 A1A N Highway W18,

Ponte Vedra Beach, FL 32082

Phone 904.285.6020

Fax 904.395.9118

CONTACT US »

Privacy Policy & Terms of Service

Copyright © 2021, All Rights Reserved

SUBSCRIBE TO THE MAGAZINE

Get Chiropractic Economics magazine
delivered to your home or office. Just
fill out our form to request your FREE
subscription for 20 issues a year,
including two annual Buyers Guides.

SUBSCRIBE NOW »

Latest Chiropractic News

  • Foot Levelers releases spring 2021 seminars schedule
  • MediHerb® introduces Ashwagandha Forte for patient sleep, stress, immunity support
  • HealthLight expands to include blue light therapy for chiropractors