New Patients are vital for growing and sustaining a Health Care Provider’s Practice. Patient attraction has become an enormous business resulting in highly visible Internet-based HIPAA violations and risks for providers. Websites, social media, patient satisfaction surveys, email and text messaging sold by vendors including Business Associates are all subject to HIPAA rules that are frequently overlooked or ignored.
HIPAA Rules for the most common patient attraction tools are clear and unequivocal. One look at a health care provider’s website can provide undeniable evidence of a HIPAA violation and indications of other violations to be investigated.
There are widespread violations of the HIPAA Rules for communicating with patients for patient engagement as well. These violations are being made by Providers and Business Associates primarily through unencrypted email and text message. A simple appointment reminder is, by definition, PHI even though it may not contain diagnostic specific information. So are Happy Birthday wishes, reminders that a patient is overdue for a checkup or has an outstanding balance on a bill.
You (Provider and Business Associate) must know how you can maximize your use of key patient engagement tools while protecting yourself and your organization from government penalties and patient lawsuits.
Health Care Providers have a mandatory “duty to warn” patients of risks associated with unencrypted email. A patient may refuse to receive unencrypted emails after being warned. Health Care Providers and Business Associates must strictly follow the patient’s restriction.
The information that makes a message subject to HIPAA- what is PHI? How can you have compliant behaviors in Social Media?
The “safe harbor” – How Health Care Providers may obtain consent from patients to send PHI in unencrypted email and unencrypted text messages and not be responsible for unauthorized access to the PHI in transmission or when received by the patient
What a Health Care Provider must do if a patient does not agree to receive PHI in unencrypted email or unencrypted text message
The requirements for a Business Associate to be able to communicate by email or text message with a patient on behalf of a Health Care Provider
How a Business Associate may protect itself from liability for violating HIPAA Rules about email and text messages in its Business Associate Agreement
What a Health Care Provider must do if a patient does not agree to receive PHI in unencrypted emails or text messages
How Health Care Providers and Business Associates may prove they are compliant with the HIPAA Rules through documentation
The Policies and Procedures Health Care Providers and Business Associates must have in place to comply with HIPAA Rules concerning communication with patients through email and text message
The information that makes a message subject to HIPAA- what is PHI? How can you have compliant behaviors in Social Media?
The “safe harbor” – How Health Care Providers may obtain consent from patients to send PHI in unencrypted email and unencrypted text messages and not be responsible for unauthorized access to the PHI in transmission or when received by the patient
What a Health Care Provider must do if a patient does not agree to receive PHI in unencrypted email or unencrypted text message
The requirements for a Business Associate to be able to communicate by email or text message with a patient on behalf of a Health Care Provider
How a Business Associate may protect itself from liability for violating HIPAA Rules about email and text messages in its Business Associate Agreement
What a Health Care Provider must do if a patient does not agree to receive PHI in unencrypted emails or text messages
How Health Care Providers and Business Associates may prove they are compliant with the HIPAA Rules through documentation
The Policies and Procedures Health Care Providers and Business Associates must have in place to comply with HIPAA Rules concerning communication with patients through email and text message
Paul R Hales
"Paul Hales received his Juris Doctor degree from Columbia University Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach Notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and business associates."
Understanding and Analyzing Financial Statements
Onboarding is Not Orientation: How to Improve Your New Hire…
Managing Toxic & Other Employees Who have Attitude Issues
Do's and Don'ts of Documenting Employee Behaviour, Performa…
Gossip-Free: Leadership Techniques to Quell Office Chatter
Outlook - Master your Mailbox - Inbox Hero Inbox Zero
Harassment, Bullying, Gossip, Confrontational and Disruptiv…
Excel & ChatGPT Synergy Masterclass: Unleashing Financial A…
Introduction to Microsoft Power BI Dashboards
Drive Recruiting Success with the Using Recruiting Metrics …
2025 EEOC & Employers: Investigating Claims of Harassment …
Impact Assessments For Supplier Change Notices
Mastering Job Descriptions: Legal and Practical Insights fo…
Effective Onboarding: How to Welcome, Engage, and Retain Ne…
What is in Store for Employers When Updating Employee Handb…
Designing Employee Experiences to Build a Culture of Compli…
Onboarding Best Practices for 2025: Proven Strategies to Po…
Accounting For Non Accountants : Debit, Credits And Financi…
Creating a Successful Job Rotation Program
The Anti-Kickback Statute: Enforcement and Recent Updates
FDA Compliance And Laboratory Computer System Validation
How To Create Psychological Safety in your Organization
Aligning Your HR Strategy with Your Business Strategy
Transforming Anger And Conflict Into Collaborative Problem …
How to Give Corrective Feedback: The CARE Model - Eliminati…
I-9 Audits: Strengthening Your Immigration Compliance Strat…
Zero Acceptance Sampling to Reduce Inspection Costs
Identifying, Managing, and Retaining High Potential Employe…
AI at Your Service: Enhancing Your Microsoft OfficeSkills w…
Why EBITDA Doesn't Spell Cash Flow and What Does
FDA Recommendations for Artificial Intelligence/Machine Lea…
Project Management for Non-Project Managers - How to commun…
Dealing With Difficult People In Life & Work
Developing and Implementing Quality Culture in the Organiza…
2-Hour Virtual Seminar on the 6 Most Common Problems in FDA…
Enhancing Pivot Tables with Images: Visualize Your Data Lik…
How to Write Effective Audit Observations: The Principles f…
How to Write Contracts for Procurement Professionals
Uplifting the Credibility of HR: How to Build the Credibili…
Strategic Interviewing & Selection: Getting the Right Talen…
Performance of Root Cause Analysis, CAPA, and Effectiveness…
FDA Audit Best Practices - Do's and Don'ts
Unlock Employee Loyalty: Stay Interviews Will Keep Them Eng…
How to Manage the Legal Landmine of the FMLA, ADA and Worke…
Excel Lookup Functions: VLOOKUP, HLOOKUP, and XLOOKUP Made …