Patients don’t want to be put on hold. They’re tired of accommodating to constraining office hours. Consequently, they’re looking for easy ways to communicate with their providers. Technology can solve many of patients’ communication frustrations. Many systems allow patients and healthcare staff to communicate without the limitations of phone calls.
One solution is to use the patient portal on your electronic health record system. These portals allow patients to communicate with their providers in a variety of ways. You can link to this portal from your website, creating a convenient tool for your patients.
If you don’t have a patient portal, you can put a communication form directly on your website where patients or potential patients can submit communication requests. This option is fine, as long as the online form is HIPAA-compliant. To be compliant, it must keep patient requests secure from unauthorized viewing.
You have a few security options:
- Use a Secure Socket Layer (SSL) on your website. Your website will then display as secure (HTTPS) for your web visitors.
- Purchase a secure web communication tool to embed on your website.
- Encrypt your entire website.
Furthermore, you must also be sure the communication arrives securely on your end. Web communication forms most often arrive through email. Therefore, you must encrypt the email account associated with the web form and limit access to only the necessary staff.
Lastly, if you use your website as a communication tool, you’ll need to include the website and supporting systems (such as hosting) in your risk analysis, information system activity review, and other security evaluations required by the HIPAA Security Rule.
To learn how HIPAAtrek can guide your HIPAA compliance program, contact us or request a demo.
Need More Guidance? Grab Our PHI Decision Tree!
This simple cheat sheet makes it easy to recognize every time you’re interacting with protected health information.