Communication online is ubiquitous, and this has serious ramifications for those in the healthcare sector. In previous blogs, Keystone Health Partners has looked at whether Apple apps are HIPAA-compliant, and what to do in the event of a HIPAA breach. Here, we’ll discuss some of the different considerations that private medical practices should keep in mind when communicating with each other and with patients.
Emailing. Email is one of the most popular and useful communication tools available, and encryption should be an important part of any email capability. Encryption lets people send sensitive or protected information through an email system so that only the intended recipient can read it, and it can also be used to authenticate the sender. Here’s a quick summary according to Lieberman Technologies:
“Encrypting email involves a pair of mathematically related cryptographic keys, one of which is public and the other private. Public and private keys are created as a pair – meaning that encryption and decryption can only work within the confines of these two keys. A message encrypted with either of the two keys can only be read by using the other key in the pair. No other key can be used to decrypt the message.”
Encryption should always be used when sending information such as Social Security numbers and personal health information. And here’s an added benefit: if a laptop is stolen, it’s not considered a reportable breach if the emails containing sensitive information are encrypted.
Notice of Privacy Practices. Your private medical practice certainly has an NPP already, but has it been updated lately? According to Physician’s Practice, “the HIPAA Omnibus Rule requires practices to update these policies and take additional steps to ensure patients are aware of them, says Tennant.
Some of the required updates to the NPP include:
- Information regarding uses and disclosures that require authorization;
- Information about an individual's right to restrict certain disclosures of PHI to a health plan; and
- Information regarding an affected individual's right to be notified following a privacy or security breach.”
It’s also important to make sure your patients are aware of and have access to your Notice of Privacy Practices. New patients must sign a copy, and the information needs to be available on a practice’s website, as well as prominently posted in the physical facility.
All private practices have a vested interest in avoiding HIPAA breaches and other privacy violations. Not only is it legally mandated, but it’s just good practice and patient care. Be sure to check back on our blog to learn more ways to keep your practice on the right side of the law, and please contact us if you have any questions!