Chat Now: Is your Website HIPAA Compliant?


For decades, the custom has been to call your doctor’s office to schedule an appointment to be examined and treated. Thanks to advancements in modern technology, this process has been streamlined and can now be done entirely online. Taking the technology further, patients can now live chat online with their doctor’s office, schedule appointments, and even meet with their doctor through video calling. This new way of interacting has many benefits for both patients and doctors, but doctors should proceed cautiously, especially when receiving personal health information from their patients.

When receiving private information regarding a patient’s health, there is a duty to protect that information, especially if you are a HIPAA-covered business. The way health information is shared may change, but the responsibility remains. Therefore, any private health data a doctor’s website receives must be handled in strict accordance with two separate HIPAA rules: the Security Rule and the Privacy Rule.

The Security Rule – This rule requires all physicians to take appropriate measures to ensure the safety of patient health information when it is transmitted electronically.
The Privacy Rule – This rule sets the standards for how physicians use private health information.

When it comes to a physician’s website, there are a variety of ways data can be collected from a patient, including but not limited to the following:
• Live Chats
• Email Correspondence
• Online Appointment Scheduler
• Telehealth calls and forums
• Online Forms
• Review Forum

While all these features are allowable under HIPAA, some security features should be in place to ensure the information collected is adequately protected. For example, a physician should consider purchasing an SSL certificate, which enables encryption of the website. This would help guard against online hackers attempting to steal patient information. Another way a physician can ensure they are following HIPAA guidelines is by using encrypted email servers and encrypted website forms and forums. When patients provide private health information through an online platform or email, the best practice is to ensure the messages are sent through encrypted services such as Barracuda or ProtonMail.

When a website is designed to transmit any information online, you should also question who is set to receive the information and ensure that only authorized individuals have access to a patient’s private health information. These tasks can be handled internally by the HIPAA-covered entity, or a credible third party or professional website service can be engaged to ensure that patients’ private health information is protected and that the practice complies with HIPAA.

Contact us with any questions or concerns you have regarding HIPAA compliance. Our attorneys have the knowledge and experience to guide you so that private health information stays private.
