Email and text message are subject to the HIPAA Security Rule transmission standard. Changes in the Omnibus Rule in 2013 further clarified the importance of proper usage of email and text message, examples of electronic transmission media. Oftentimes used as a method to transmit PHI, electronic transmission media is an area that covered entities need to develop and implement policies and procedures to ensure HIPAA compliance.
Why should you Attend:
- Covered entities have "Duty to Warn" individuals of the risk of unencrypted transmission and that warning is a necessary step in protecting their PHI
- Unencrypted email and text messages may be sent only if the individual consents to receive them after being warned
- Documentation of consent is required. Through real world examples, Paul will delve into the ways to engage patients through email and text messages, teach you how to safeguard PHI throughout electronic transmission media, and set you on the path to HIPAA compliance
Email and text message continue to grow with popularity amongst patients and amongst covered entities. And email and text message continue to be examples of a Breach! These methods of electronic communication are used as a way to discuss treatment, to market, and to engage the patient. And yet these methods of communication can be extremely unsafe. Interceptions, hackers, misdialed numbers can all result in stolen protected health information (PHI) and in HIPAA violations. All resulting in the loss of a patient's privacy, maybe even identity theft, and in loss of funds for the covered entity.
Today health records are more valuable than credit card numbers or social security numbers on the black market. As a health care provider or covered entity, it is your responsibility to safeguard PHI. It was once understood that email and text message were deemed appropriate if the email or text message were received from the patient. Since the Omnibus Rule, this has changed. Covered entities are responsible under HIPAA requirements for all PHIS in every email and text message
. The email or text message address alone is PHI as defined by HIPAA - regardless of the content. HIPAA requires that every covered entity has a "duty to warn" and has the responsibility of acquiring consent and keeping proper documentation. And yet this is not being done in a compliant way.
There is a HIPAA "safe harbor" or "get out of jail free" card that frees you from:
- Responsibility for unauthorized access of a patient's PHI during transmission and
- Responsibility for safeguarding PHI delivered to the patient
Don't be the Provider or Business Associate that finds itself in serious trouble simply because you didn't follow the HIPAA Rules
for unencrypted electronic communication with patients!
Areas Covered in the Session:
Who Will Benefit:
- Patient Attraction Tips: Protect Patients' Privacy and PHI, Build the Relationship
- Why is Email or Text so significant inHIPAA: Electronic Transmission Media
- Protecting PHI and ePHI in the Electronic World: Omnibus Rule
- TPCA & HIPAA: Misinterpretations and Misunderstandings
- When and when not to Email or Text: Implement Policies and Procedures
- Duty to Warn, Consent & Documentation: HIPAA Compliance
- Real World Examples: Are you Compliant or has there been a Breach?
- HIPAA Compliance Official (HIPAA Officer)
- Compliance Director
- Practice Manager
- Privacy Officer
- Security Officer
- Chief Information Officer
- Information Systems Manager
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
- Chief Clinical Officer
- Human Resources
- Marketing Departments