Accepting Patient Information on Your Website
Patients are looking for easy ways to communicate with their providers that don’t require a phone call. Patients often cite hold times and constraining office hours as frustrations when they need to make an appointment, request records, pay a bill, or handle other communications. To help resolve this, you look to technology to streamline your patient communications.
Technology is a perfect solution for many of these more tedious communications. It can make your patients and your staff a lot happier. Patients can send communication requests at their convenience, and your staff isn’t tied up on the phone responding to them.
How we use technology to make our patients’ lives and our own easier is where it can get really sticky. The temptation is to create a communication page on our websites. This is totally acceptable, so long as we keep HIPAA in mind when doing so. We have to ensure that the communication page the patient uses to make these requests is SECURE. This means we have to enable encryption on that communication page so that the request reaches us without being seen by an unauthorized viewer.
There are several ways we can handle this problem. The first method is through our Electronic Health Record’s patient portal. Patient portals were designed to allow patients to communicate with their providers in a number of ways. By creating a link to your patient portal on your website, your patients now have the option to communicate with your staff at their convenience.
The patient portal option only works if you have a patient portal and if your patients are registered for it. A lot of practices are solving the problem by putting a communication form directly on their website to take communication requests from potential new patients as well as patients who are not yet registered for the patient portal. Making this communication form secure can be a bit trickier, but it is still doable.
To secure your website communication forms, you have a few options. The easiest option is to purchase a Secure Sockets Layer (SSL) certificate for your website. Your website will then display as secure (HTTPS) for your web visitors. Another option, if encrypting your entire site is not feasible for you, is to purchase a secure web communication tool to embed on your website. A quick Google search for HIPAA compliant web communication forms will give you several options to choose from.
Apart from the website, we also have to ensure the communication is coming to us securely. The most common way web communication forms are delivered is through email. The email account associated with the web communication form needs to be encrypted. You will also need to make sure you are limiting access to that email account to only the necessary staff within your clinic. The email account will need to follow your practice’s security policies regarding backup as well.
If you are using your website as a communication tool for your patients, you will need to make sure that your website and its supporting systems (including the content management system and hosting) are included in your risk analysis, information system activity review, and other security evaluations you have in place to meet the Security Rule requirements.
Taking these few steps will help your practice avoid a costly breach due to insecure web communication.
For more information, contact us! Happy HIPAA Trekking!