Webinar: HIPAA Compliance & Communication with Patients or Colleagues: How to Avoid Violations and Improve Your Practice
Traditional email services (Gmail, Hotmail, AOL etc…) and file sharing services such as Dropbox are not secure, compliant or appropriate for communicating patient information to colleagues or patients themselves. In this webinar join Brightsquid CEO Rohit Joshi (LL.B) as he discusses the challenges of communicating in a manner that is both compliant with HIPAA regulations while still maintaining the convenience and ease modern practices require.
Subscribe to Brightsquid Today!
Sign up to Brightsquid and start using Secure-Mail for secure messaging with specialists, dentists and labs.
Patient Privacy Laws - HIPAA, HITECH, PIPEDA etc.
Email is NOT compliant with patient privacy laws and does NOT maintain doctor-patient confidentiality.
- HIPAA - Health Insurance Portability and Accountability Act (1996)-USA
- HITECH - Health Information Technology for Economic and Clinical Health Act & HITECH Safe Harbor -USA
- PIPEDA - Personal Information Protection and Electronic Documents Act - Canada
- Additionally there is significant Provincial/State legislation as well as professional dental bodies that have established very specific guidelines for the handling of patient information.
- PHI - Protected Health Information. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.
There are many examples of penalties and corrective action issued for organizations that were not following patient privacy laws. For more information please visit the HIPAA/PIPEDA Enforcement page.
Business Repercussions - Loss of Reputation
- A breach occurs when the Protected Health Information (PHI) is disclosed, which compromises the security or privacy of the information.
- Breach notification rules and requirements.
- 211,422 individuals were affected by a HIPAA breach of Protected Health Information in 39 dental practices between 2009 and 2013, as of March 19, 2014, according to the U.S. Department of Health and Human Services.
- Healthcare per capita data breach cost is $233 (Ponemon Institute© Research Report).
Lower Standards For Your Practice With Traditional E-mail
- Differentiate your practice and show your patients your commitment to their care.
- Upgrade your email and communication services.
Can "reminder postcards" for biannual cleaning appointments be sent anymore?
Yes, as long as there is no Protected Health Information included in those reminders. No pre-appointment instructions or treatment details can be included.
Is it ok to "arrange referrals" for patients with another provider (like a specialist) by giving name, DOB, address, insurance, etc OVER THE PHONE?
Over the phone is fine, as long as you are sure that you are speaking with the appropriate practice.
We have old plaster models that we'd like to dispose of....however, each one has a patient’s name written in permanent marker on the bottom with a date. Can we throw these in the garbage OR should we grind off or redact the name before disposal?
Patient name is considered Protected Health Information. You cannot dispose of the plaster models without removing the name. Please redact or grind the name off.
Can we safely email reminders/texts by: "HI Mark, Dr. Tooth's office texting a reminder for your appointment tomorrow, Saturday, Sept 13, at 10:30. Please bring your new insurance info. Call 00000000 to confirm or reply to this text."
Yes, you can safely email reminders/texts as long as there is no Protected Health Information included in the reminders. No pre-appointment instructions or treatment details can be included.
We have a system now that is encrypted with password, but some of our specialists don't receive our emails and we need our IT guys to call their It guys to tweak something on the server. Do you ever have this happen? Our system detects PHI and encrypts/sends thru secure site, if needed.
Our encryption is built into our Secure-Mail service. This is true not only for encryption, but also for backup, disposal, archive, logging and auditing requirements for HIPAA compliance. Our first comment is to ensure that you have all of those systems in place with the system you are using to ensure your HIPAA compliance. With Secure-Mail, because encryption is internal to our system, there are no incompatibilities between Dentists, Specialists, Labs or Patients. IT people never have to be called for our system setup or operation.
Our office has multiple email addresses, depending on who is being contacted. Can we use multiple email addresses be used with the Dentist Subscription?
Yes, our Dentist Subscription includes 5 unique user accounts. Typically we see 1 dentist and 4 support staff using Secure-Mail for a practice. For HIPAA compliance reasons, every user should have their own account log-in and Secure-Mail account.
Do you offer HIPAA compliancy?
Our products are HIPAA compliant and we do offer some checklists on our site to help you ensure that you are HIPAA compliant. Also, have a look at our Webinar series as there is a considerable amount of information available to help you get started down the road of becoming HIPAA compliant. However we don't offer a consultancy service to help get your practice HIPAA compliant.
Is this the only HIPAA compliant email program?
No, you may find others. Please keep in mind that encrypted email does not make your practice HIPAA compliant.
If a patient agrees to email his information through non secured email, does the practice still be fined for this?
There are two answers to this question. If the patient sends information to you, once the information is in your system it needs to be HIPAA compliant. Our suggestion would be to send them an invitation to Secure-Mail from your subscription. On the other hand, if you want to send information to the patient, there are some guidelines that cover this scenario from a HIPAA compliance standpoint. You will need to ensure that the patient is aware of the risks of using non-secure email (like gmail, Hotmail, aol, etc.). You then need to have them sign over their consent to using this non-secure method. Please ensure that the consent document that you create for the patient is detailed with the risks they have assumed in receiving non-secure email.
Can patient statements be sent through Secure-Mail? For the monthly fee is there unlimited use?
Yes, many of our users are sending patient statements through Secure-Mail. It works great and patients love it. There is unlimited use for Secure-Mail subscribers.
Is Secure Mail free to patients?
Yes, there is no fee for patients to join or use Secure-Mail.