Using Patient Portals To Achieve HIPAA Compliance

The patients of today's healthcare providers have an insatiable desire for electronic access to information. Many are heavy users of email, social media and other forms of electronic communication and they are demanding to communicate this way with their healthcare provider. But this is where the problem begins and where patient portals can help. 

Due to the inherent lack of security of internet based email, email is not deemed an acceptable form of communication if the message involves PHI, Personally Identifying Information (name, email address, phone, address, etc) along with health information. 

HIPAA is a federal act that does not have any provisions that allow patients to "waive" the protections of the ACT. Thus, taking this posture is a risky bet and the fines for non-compliance are steep. Find out more information on healthcare compliance by browsing the internet.

Image source:-Google

So how do practices meet the insatiable desire for electronic communications to deliver patient satisfaction, yet comply with HIPAA and HITECH? Patient portals are definitely part of the answer. Simply put, patient portals are healthcare related online applications that allow patients to interact and communicate with their healthcare providers. 

The functionality of patient portals varies significantly but may include secure access to patient demographic information, appointment scheduling, payments, bidirectional messaging and access to clinical data if the portal is being provided by the EHR provider.

Today in practice, we find patient portals being provided by firms providing "Practice Management" (PM) solutions and even third parties that are promising patients eventual access to all of their health information in one portal. 

Why Does HIPAA Compliance Plans Are Necessary?

Health insurance portability and accountability, or HIPAA, signed into law on August 21, 1996. This is complex legislation that requires detailed training and planning by health care providers. This seeks to create greater efficiency in the health care industry and ensure the privacy of patient medical records. To comply and fulfill these ideals, the HIPAA compliance plan is very important. 

Compliance only occurs as a result of certain plans with detailed procedures. Certain plants need to be done to ensure that legal provisions are fulfilled. Failure to prepare and implement a plan can have great consequences. You can get the optimum healthcare compliance online via

Image result for healthcare compliance

Image Source: Google

The main push of HIPAA is the privacy of medical records. Effective HIPAA Compliance Plans involve the determination of procedures to ensure that there is no violation of patient privacy rights based on law. All personnel who have contact with medical records need to know HIPAA provisions. 

This requires broad training as part of any plan. Training needs comprehensive, and all employees must be the latest with the latest effects of HIPAA. In large medical practices or hospitals, the failure of one employee to comply with HIPAA can be a source of obligations and costs. What happens when there are no compliance plans or a plan that is ineffective, in its place? 

What are the consequences? The main results are security violations involving medical records. A person's personal note released to a party that has no right to information. This is done with a telephone call, email, or written request. It can be as simple as a question that seems harmless from a visitor at the hospital. One slip and personal medical information released.