Are Your Patient Communications HIPAA Compliant?

HIPAA is the Health Insurance Portability and Accountability Act. It was passed in 1996 to ensure that American workers and their families would be able to have continuous healthcare coverage when they changed jobs.

HIPAA also required the secure handling and privacy of specific patient information. The privacy rule states that only the minimum health information necessary to care for the patient be used or shared.

In Canada, the equivalent privacy law is PIPEDA, the Personal Information Protection and Electronic Documents Act. Like HIPAA, PIPEDA compliance requires secure handling of personal information and sharing only the minimum information needed.

What Else Do HIPAA and PIPEDA Cover?

HIPAA applies to most state-licensed practitioners. But it does not necessarily apply to unlicensed practitioners — for example, health coaches and personal trainers.

When it comes to telehealth for licensed practitioners, it is critical that virtual wellness services follow the HIPAA requirements in the US and PIPEDA requirements in Canada. That’s because HIPAA and PIPEDA govern the way that you conduct virtual healthcare to ensure that your patient’s information is protected, no matter where you are treating them.

That means that any electronic files, video calls, and images need to be protected the same way you would protect physical documents.

The Rules Around Virtual Phone Appointments

As a licensed health practitioner, you can have a virtual phone appointment with your patient whether it’s on a landline or a cell phone — but only as long as the call is private. You need to be in a private space where other people not involved in your patient’s care cannot hear your consultation.

So you shouldn’t take patient calls from your local cafe, co-working space, or any other public space unless you can be sure that your conversation will not be overheard by anyone.

Setting Secure HIPAA-Compliant Video Appointments

Just like phone appointments, you shouldn’t have your video appointments in a public space where others may overhear your discussion. Beyond that, you need to ensure that your video software is also HIPAA compliant.

For example, consumer-grade services such as Skype, FaceTime, and Zoom do not support HIPAA-compliant video conferencing because they are not encrypted. So they should not be used for patient appointments that require the use of protected health information.

However, because of the rapid expansion in video conferencing, Zoom and Skype have released enterprise-grade versions of their software that are specifically designed for health practitioners and that are HIPAA compliant. Those solutions can be costly, though.

Additionally, the video call capabilities built within Well World are 100% HIPAA compliant because the app and practitioner portal follow HIPAA rules. Well World is also ready for you to use without any upgrades needed, as long as you are a Well World practitioner.

Secure Patient Documents Sent in Email and Text

It’s tempting, and easy, to send sensitive documents to patients through email. But if you’re sending patient documents through your free Google account, you are violating HIPAA rules. That’s because your emails are being hosted on Google’s servers. To stay compliant, your email would have to be encrypted or hosted on a private server, or you would have to sign up for a paid Google GSuite account.

Emails that you send on your own server internally in your office do not have to be encrypted. For example, an email going from the office manager to the nurse is compliant.
If you’re working from home and access your secure server remotely, your email needs to be encrypted.

If a patient sends an email to your practice, you can assume that the patient is not aware of the potential risks of using unencrypted email. You can alert the patient to those risks and then let the patient decide whether to continue email communications. However, you must provide an alternate secure method of providing information to your patient.

If you need to get in touch with your patient, or they need to provide you with sensitive personal health information, you can quickly and securely send messages using the text chat function in Well World. Since Well World was built with HIPAA compliance in mind, you can confidently send information directly to patients through your practitioner portal.

Create a HIPAA-Compliant Group in Well World

You can set up your own private Facebook group in just a few minutes. It’s easy to manage and invite your patients. While it is a great place for members to socialize, share progress and encourage each other, it’s far from being HIPAA compliant, and thus a risky place for a practitioner to be practicing medicine.

If you want to ensure that your patients are in a secure group, you can set one up in your Well World practitioner portal and use it to communicate securely and efficiently without ever leaving the Well World portal.

When you add patients to any group program in Well World, they will all have access to the same nutrition plan, supplement protocols, automated messaging, and group text chat — right in their Well World app!

You can securely message the whole group through the group text function within Well World. And your participants can securely respond through the same channel.

If you record specific video content and upload it to your group, it will be protected within the Well World HIPAA-compliant ecosystem. Your patients can watch any videos you upload through their own smartphone.

Following HIPAA regulations does not have to be cumbersome. It just takes a little forethought and planning to find the right technologies that will secure your patient’s private health information. Well World is HIPAA and PIPEDA compliant and creates a safe, secure ecosystem for practitioners and their patients to improve their health.