Patient Communication Under New HIPAA Rules (Texting, Email etc.)
Identify The Risks Of Using E-Mail And Texting For Patient And Provider Communications How to Overcome The Same ??
The HIPAA Omnibus Update rules contain numerous changes to HIPAA Privacy, Security, and Breach Notification rules that affect communication with patients and clients of health care services, who often ask to communicate with health care offices via e-mails or text messages. Many of the policies and procedures in place at every health care-related organization will need to be reviewed and updated to meet the new requirements. Organizations need to understand the various ways that health care communications can take place, and how patient communications fit in with the HIPAA rules. They need to design and implement a patient communication policy/ plan, and train their staff on it, or they may face significant new fines for noncompliance.
As new requirements for allowing patient’s electronic access to their health information go into effect, and as patients increasingly come to depend on electronic communications, there are new demands for communication via e-mail and texting. Patients don’t want to bother with secure Web-site-based solutions, they just want to use the tools they already use for communication, and they have a right to communicate how they wish. How can HIPAA requirements for privacy and security be reconciled with patient requests for information provided by e-mail and text messages?
Join compliance expert Jim Sheldon Dean in this information packed session to discuss the differences between professional communications and patient communications, and how they must be treated to best serve patients, most efficiently enable communications, and remain within the bounds of HIPAA compliance.
Some of the most significant changes in HIPAA under the new Omnibus Update rules have to do with changes to individual rights under HIPAA that must be reflected in policies and procedures and an entity’s HIPAA policies and Notice of Privacy Practices (NPPs). All HIPAA Covered Entities should have updated their policies, procedures, and Notices of Privacy Practices to reflect the changes by September 23, 2013. Violations are subject to enforcement that can include fines up to $50,000 per day. Included are new rights of access to electronic records that illustrate the flexibility inherent in HIPAA and allow communications that many offices may have thought to be prohibited, such as using plain e-mail and texting. While professional communications between providers, insurers, business associates, and other business parties should always be conducted securely, there is more flexibility in using less secure technologies for communications with patients in some circumstances.
Jim will focus on the rights of individuals to communicate in the manner they desire, and how an office can decide what’s an acceptable process for communication with individuals. He will explain how to discuss communications options with individuals so that you can best meet their needs and desires, while preserving their rights under the rules. With the new HIPAA random audit program now getting under way, and increases in enforcement actions following breaches, now is the time to ensure your organization is in compliance with the regulations and meeting the e-mail and texting communication needs and desires of its providers and patients. You need the proper privacy protections for health information, and the necessary documented policies and procedures, as well as documentation of any actions taken pursuant to your policies and procedures. And, of course, you will need to train your staff in all the new policies and procedures.
E-mail has long been a staple of people's lives, but as we move into the new digital age, it seems everyone is moving to a new smart phone and wants to use it in all the incredible ways it can be used for health care purposes, including the use of e-mail and texting. Doctors are finding that texting is far more flexible, convenient, and effective than paging, and patients want to be able to use short message texting for handling of appointments, updates, and the like, where even e-mail or the telephone would seem inconvenient.
The stakes are high – any improper exposure of PHI may result in an official breach that must be reported to the individual and to the US Department of Health and Human Services, at great cost and with the potential to bring fines and other enforcement actions if a violation of rules is involved. Likewise, complaints by a patient if they are not afforded the access they desire can bring about HHS inquiries and enforcement actions, so it is essential to find the right balance of access and control.
Our expert will discuss the requirements, the risks, and the issues of the increasing use of e-mail and texting for patient and provider communications and provide a road map for how to use them safely and effectively, to increase the quality of health care and patient satisfaction. In addition, the session will discuss how to be prepared for the eventuality that there is a breach, so that compliance can be assured.
Topics covered in the session:
- Find out the ways that patients want to use their e-mail and texting to communicate with providers, and the ways providers want to use e-mail and texting to enable better patient care.
- Learn the risks of using e-mail and texting, what can go wrong, and what can result when it does.
- Find out about HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI.
- Learn how to use an information security management process to evaluate risks and make decisions about how best to protect PHI and meet patient needs and desires.
- Find out what policies and procedures you should have in place for dealing with e-mail and texting, as well as any new technology.
- Learn about the training and education that must take place to ensure your staff uses e-mail and texting properly and does not risk exposure of PHI.
- Find out the steps that must be followed in the event of a PHI breach .
- Learn about how the HIPAA audit and enforcement activities are now being increased and what you need to do to survive a HIPAA audit.
Who should attend? Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO. Privacy Officer, Information Security Officer
- Barbara J. Cobuzzi, MBA, CPC-OTO, CPC-H, CPC-P, CPC-I, CHCC
- Debra Phairas, MBA
- Duane Abbey, Ph.D.
- John E. Steiner, Jr., Esq., CHC
- Wayne J. Miller, Esq.
- Duane Abbey, Ph.D.
About Our Speaker
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates.
Sheldon-Dean serves on the HIMSS Information Systems Security... More Info
More Events By The Speaker
- Save money on travel.
- Meet your specific training needs.
- Keep learning after the event.
- Save time training your whole staff.