New HIPAA Rules for Communicating with Patients by Unencrypted Email and Text Messages


Paul Hales is a Keynote Speaker at Compliance Key, Inc. He received his Juris Doctor degree from Columbia University Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach Notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and business associates.

Overview

Communicating with patients by unencrypted email and text message (SMS) about a variety of topics (appointment reminders, patient satisfaction, etc.) is growing dramatically. The HIPAA Rules for sending Protected Health Information (PHI) by electronic messages have been clarified. But most Providers and Business Associates are not following the HIPAA Rules.
Email and text message are subject to the HIPAA Security Rule transmission standard. Changes in the Omnibus Rule in 2013 further clarified the importance of proper usage of email and text message, examples of electronic transmission media. Oftentimes used as a method to transmit PHI, electronic transmission media is an area that covered entities need to develop and implement policies and procedures to ensure HIPAA compliance. HHS states

  1. Covered entities have a "Duty to Warn" individuals of the risk of unencrypted transmission and that warning is a necessary step in protecting their PHI. 
  2. Unencrypted email and text messages may be sent only if the individual consents to receive them after being warned. 
  3. Documentation of consent is required. Through real world examples, Paul will delve into the ways to engage patients through email and text messages, teach you how to safeguard PHI throughout electronic transmission media, and set you on the path to HIPAA compliance.

Why should you attend this webinar?

Email and text message continue to grow with popularity amongst patients and amongst covered entities. And email and text message continue to be examples of a Breach! These methods of electronic communication are used to discuss treatment, to market, and to engage the patient. And yet these methods of communication can be extremely unsafe. Interceptions, hackers, misdialed numbers can all result in stolen protected health information (PHI) and in HIPAA violations. All resulting in the loss of a patient's privacy, maybe even identity theft, and in loss of funds for the covered entity. Today health records are more valuable than credit card numbers or social security numbers on the black market. As a health care provider or covered entity, it is your responsibility to safeguard PHI. It was once understood that email and text message were deemed appropriate if the email or text message were received from the patient. Since the Omnibus Rule, this has changed. Covered entities are responsible under HIPAA requirements for all PHI in every email and text message. The email or text message address alone are PHI as defined by HIPAA - regardless of the content. HIPAA requires that every covered entity has a "duty to warn" and has the responsibility of acquiring consent and keeping proper documentation. And yet this is not being done in a compliant way. There is a HIPAA "safe harbor" or "get out of jail free" card that frees you from:

  1. Responsibility for unauthorized access of a patient's PHI during transmission and
  2. Responsibility for safeguarding PHI delivered to the patient.
Don't be the Provider or Business Associate that finds itself in serious trouble simply because you didn't follow the HIPAA Rules for unencrypted electronic communication with patients!

Areas Covered in the Session:

  • Patient Attraction Tips: Protect Patients' Privacy and PHI, Build the Relationship
  • Why is Email or Text so significant in HIPAA: Electronic Transmission Media
  • Protecting PHI and ePHI in the Electronic World: Omnibus Rule
  • TPCA & HIPAA: Misinterpretations and Misunderstandings
  • When and when not to Email or Text: Implement Policies and Procedures
  • Duty to Warn, Consent & Documentation: HIPAA Compliance
  • Real World Examples: Are you Compliant or has there been a Breach

Who can Benefit:

  • HIPAA Compliance Official (HIPAA Officer)
  • Compliance Director
  • Practice Manager 
  • Privacy Officer
  • Security Officer
  • CEO
  • CFO
  • COO
  • Chief Information Officer 
  • Information Systems Manager
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager
  • Chief Clinical Officer
  • Human Resources
  • Marketing Departments



Webinar Id: LSHCIPH002

Training Options:

Duration: 60 mins

 06/22/2017

 10:00 AM PST | 01:00 PM EST

 Single Attendee: [Only for one participant]

 $179 (Live)                    $304 (Live + Recorded)

 Multiple Attendee: [For a group of 2-5 participants]

 $363 (Live)                    $488 (Live + Recorded)

 Corporate Attendee: [For a group of 6-10 Participants]

 $726 (Live)                    $945 (Live + Recorded)

 Recorded: [Six month unlimited access]

 $217(Single Attendee)  $599 (Unlimited Attendee)

Refund Policy
Upcoming Webinar of Paul Hales
MACRA & MIPS - Patient Engagement Part 1 - HIPAA Rules for Web Sites & Social Media
By: Paul Hales
When: 11/06/2017 | 10:00 AM PST | 01:00 PM EST
Price: $179
MACRA & MIPS - Patient Engagement - HIPAA Rules for Text Messaging & Email
By: Paul Hales
When: 08/18/2017 | 12:30 PM PST | 03:30 PM EST
Price: $179

More Webinar

Upcoming Webinar :Life Sciences and Healthcare
MACRA & MIPS - Patient Engagement - HIPAA Rules for Text Messaging & Email
By: Paul Hales
When: 08/18/2017 | 12:30 PM PST | 03:30 PM EST
Price: $179
Is it Method Verification or Validation, or Just Semantics?
By: Michael Brodsky
When: 08/21/2017 | 12:30 PM PST | 03:30 PM EST
Price: $179

More Webinar

    
Copyright © 2017 Compliance Key . All Rights Reserved. Back to Top