Using Patient Portals To Achieve HIPAA Compliance

The patients of today's healthcare providers have an insatiable desire for electronic access to information. Many are heavy users of email, social media and other forms of electronic communication and they are demanding to communicate this way with their healthcare provider. But this is where the problem begins and where patient portals can help. 

Due to the inherent lack of security of internet based email, email is not deemed an acceptable form of communication if the message involves PHI, Personally Identifying Information (name, email address, phone, address, etc) along with health information. 

HIPAA is a federal act that does not have any provisions that allow patients to "waive" the protections of the ACT. Thus, taking this posture is a risky bet and the fines for non-compliance are steep. Find out more information on healthcare compliance by browsing the internet.

Image source:-Google

So how do practices meet the insatiable desire for electronic communications to deliver patient satisfaction, yet comply with HIPAA and HITECH? Patient portals are definitely part of the answer. Simply put, patient portals are healthcare related online applications that allow patients to interact and communicate with their healthcare providers. 

The functionality of patient portals varies significantly but may include secure access to patient demographic information, appointment scheduling, payments, bidirectional messaging and access to clinical data if the portal is being provided by the EHR provider.

Today in practice, we find patient portals being provided by firms providing "Practice Management" (PM) solutions and even third parties that are promising patients eventual access to all of their health information in one portal.