" consent Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘consent’

To Text or Not To Text: Texting under HIPAA

Monday, February 29th, 2016

Sending text messages under HIPAA

Sometimes, technology just sneaks up on you. Patients want to speak with you – stat – about lab results or to schedule, be reminded of, and confirm an appointment without an interminable wait in the phone queue. Patients want text messaging — which has quickly become the new normal for everyday communication — to be used routinely for their healthcare needs, as well. You hesitate, concerned not only about the appropriateness of text messaging, but the legal ramifications. These are legitimate concerns.

HIPAA unambiguously states that sending health information in a text message is a straight up violation, unless it is to a patient and a proper consent form has been signed (as discussed below). This provision applies to messages as simple as appointment reminders. If you engage in such a practice and do not document context, consideration, and patient consent, you will be in willful neglect and quite possibly assessed up to $50,000 for each text message.

Why is text messaging such a hot-button issue to HIPAA enforcers? Under what conditions can health information be sent by way of regular text messages? The good news is that you can secure text messages rather simply and not jeopardize your patients’ privacy or your healthcare practice. Please read on.

Read the rest of this post »

ePHI in Text Messages and Insecure Email: Does HIPAA allow Mutual Consent?

Sunday, January 18th, 2015

“Lets just agree that insecurely texting or emailing your medical appointments or lab results to your is OK….”  Can you actually have such a discussion and agreement with a patient or organization?

HIPAA is pretty adamant that email messages containing ePHI must be properly handled, and that includes transport encryption and archival.  However, encrypting all routine communications between doctor and patient is excessively tedious in some situations.

Enter the idea of “Mutual Consent” where doctor and patient both agree that email containing ePHI can be sent from the doctor to the patient’s regular email account without any special considerations or encryption.  This is a small “holy grail” that doctors like to imagine as “if all their patients consent then the doctors do not have to worry about secure email.”

It’s really not that simple, though.  Here we explain way.  Note that this is not intended as legal advice … you should always contact your lawyer for advice on how HIPAA applies specifically to your situation and for clarification on grey areas of the law such as this.

Read the rest of this post »