Remote Care: Why HIPAA Compliance is More Important Than Ever
If your practice is remote, it’s more important than ever to make sure you’re up on HIPAA compliance. In order to do this, you need to familiarize yourself with the good, the bad, and the ugly.
HIPAA Compliance: The Good, The Bad, and the Ugly
If your practice is operating remotely, it’s more important than ever to make sure you’re up on HIPAA compliance.
The Pain of Not Solving the Problem
If you don’t solve the problem of how to best communicate remotely with your patients, your practice could suffer. For example, if you mishandle medical records, you could lose patients, incur large fines, or even worse, have to close your practice. However, choosing proper forms of communication for remote care goes beyond that. You also want to choose a method that is easy to use for patients and makes them feel secure. Failure to communicate could mean a reduction in booked appointments, lost revenue, and possible closure.
What HIPAA Compliance Means in a Digital World
You should look at HIPAA compliance in a digital setting from two angles: First, what you use for technology, and second, what you do with that technology.
Choosing the right technology
Knowing what to do with the technology you have
Next, compliance comes down to what you do with the technology. We’ll use the examples of texting with patients, responding to online reviews, and conducting marketing campaigns. While there isn’t a rule against sending PHI across text messages if the technology you’re using is HIPAA-compliant, the best way to avoid any trouble is to keep it out of text messaging. You can use texts to send appointment reminders without disclosing any sensitive patient information. Before you text a patient with messaging containing PHI, if you choose to do that, it’s a good idea to
, acknowledging that they understand the possible risk of unauthorized disclosure that goes along with text messaging. When you respond to online reviews, you’ll be writing a response that is publicly available. It should not include any PHI whatsoever. Speak in generalities, thank the person for a good review or request a follow-up for a negative review, and leave it at that. Here’s an example of a good response to an online review: “Thank you so much for your review and feedback. I am so happy to hear that you had a positive experience with all of us at the office. Should you ever need anything at anytime, please don't hesitate to call or email us!” Marketing campaigns are likewise public-facing. You don’t want to share anything that discloses any patient information on a marketing campaign without a patient’s consent. You also
can’t market to anyone using PHI
without direct authorization from the patient, or market to a patient without prior authorization. If this is something you’d like to do with patients to market additional services, make sure you include that in your paperwork.
How to vet a solution that keeps you and your patients’ privacy in mind
When you’re evaluating a solution that will operate in you and your patients’ best interests, ask yourself the following questions:
And I've used at least 6 others." - Shaye, Falmouth Dentistry