This webinar focuses on HIPAA Rules for transmitting informational email and text messages to patients over an electronic communications network.
You will learn:
Why should you attend:
- The information that makes a message subject to HIPAA
- The "safe harbor" - How Health Care Providers may obtain consent from patients to send PHI in unencrypted email and unencrypted text messages and not be responsible for unauthorized access to the PHI in transmission or when received by the patient
- What a Health Care Provider must do if a patient does not agree to receive PHI in unencrypted email or unencrypted text message
- The requirements for a Business Associate to be able to communicate by email or text message with a patient on behalf of a Health Care Provider
- How a Business Associate may protect itself from liability for violating HIPAA Rules about email and text messages in its Business Associate Agreement
- What a Health Care Provider must do if a patient does not agree to receive PHI in unencrypted emails or text messages
- How Health Care Providers and Business Associates may prove they are compliant with the HIPAA Rules through documentation
- The Policies and Procedures Health Care Providers and Business Associates must have in place to comply with HIPAA Rules concerning communication with patients through email and text message
There are widespread violations of the HIPAA Rules for communicating with patients by unencrypted email and text message - largely because Providers and Business Associates just don't know the rules. These HIPAA Rules are clear and easy to follow but you are at great risk and directly liable for breaking them.
A simple appointment reminder is, by definition, PHI even though it may not contain diagnostic specific information. So are Happy Birthday wishes, reminders that a patient is overdue for a checkup or has an outstanding balance on a bill.
You must know how you can maximize your use of key patient communication tools while protecting yourself and your organization from government penalties and patient lawsuits.
Health Care Providers have a mandatory "duty to warn" patients of risks associated with unencrypted email. A patient may refuse to receive unencrypted emails after being warned. Health Care Providers and Business Associates must strictly follow the patient's restriction.
There is a HIPAA "safe harbor" that frees you from:
- Responsibility for unauthorized access of a patient's PHI during transmission and
- Responsibility for safeguarding PHI delivered to the patient
Don’t be the Provider or Business Associate that finds itself in serious trouble simply because you didn’t follow the HIPAA Rules for unencrypted electronic communication with patients!
Areas Covered in the Session:
Who Will Benefit:
- More and more patients like the convenience of email and text message
- The HIPAA "safe harbor" - how you can communicate with patients in the way they prefer and protect your organization
- How Health Care Providers and Business Associates can work together to avoid violating HIPAA Rules about email and text message communications with patients
- Health Care Providers
- Business Associates
- Insurance Brokerage
- Patient Engagement and Marketing Companies