How to Avoid PHI Breaches and HIPAA Violations While Doing Patient Engagement through Websites, Marketing and Social Media
Duration: 60 Minutes
We all know the Internet is open for all to see. This includes the U.S. Department of Health and Human Services (HHS) and State Attorney General enforcement agents. A covered entity's breach is there for all to see! Misuse of social media, websites, or marketing can lead to HIPAA violations, lawsuits, and loss of patients and revenue. With HHS audits taking place and current violations carrying fines of a minimum of $10,000, it is time for covered entities to become compliant while still keeping patient engagement through the ever-growing electronic world. Whether you have a website, a LinkedIn page, or use Facebook, Twitter, YouTube, or Instagram, you are exposing your practice/business to a potential breach. The avenues of electronic communication are growing, and we must grow with them in order to maintain HIPAA compliance and keep the integrity and privacy of patients and their protected health information.
Objectives of the Presentation
Why Should you Attend
- Patient Engagement Tips: Protect Patients' Privacy and PHI, Build the Relationship
- Social Media: Reviews, Testimonials, and Likes; Marketing: Phone Calls, Emails, and Text Messages; Websites: What to Post and Not to Post
- Why is Email or Text significant in HIPAA: Electronic Transmission Media
- When and when not to Email or Text: Implement Policies and Procedures
- Duty to Warn, Consent & Documentation: HIPAA Compliance
- Protecting PHI and ePHI in the Electronic World: Omnibus Rule
- Real World Examples: Are you Compliant or has there been a Breach?
In this webinar, we will discuss policies and procedures that help ensure staff understand the proper use of social media, marketing efforts, and website development. This is more than posting a notice or opt-out message. It is an accurate, comprehensive, and easy-to-implement approach to patient engagement, taught through examples and recent breaches. Your entire practice/business personnel should be aware of the harmful effects of misusing social media, marketing, and websites, and the devices used to access these portals.
Who will Benefit
- Healthcare, Marketing for Healthcare
- Medical Providers
- Website Designers and Social Media Experts for Healthcare
- HIPAA Compliance Official (HIPAA Officer)
- Compliance Director
- Practice Manager
- Privacy Officer
- Security Officer
- Chief Information Officer
- Information Systems Manager
- Health Information Manager
- Healthcare Counsel/Lawyer
- Office Manager
- Contracts Manager
- Chief Clinical Officer
- Human Resources
- Marketing Departments
Emails and text messages continue to grow in popularity among patients and covered entities. These methods of electronic communication are used as a way to discuss treatment, to market, and to engage the patient. And yet these methods of communication can be extremely unsafe. Interception, hackers, and misdialed numbers can all result in stolen protected health information (PHI) and in HIPAA violations, all resulting in loss of patient privacy, identity theft, and loss of funds for the covered entity. Today health records are more valuable than credit card numbers or social security numbers on the black market. As a health care provider or covered entity, it is your responsibility to safeguard PHI.
It was once understood that emails and text messages were deemed appropriate if they were received from the patient. Since the Omnibus Rule, this has changed. Covered entities are responsible under HIPAA requirements for all PHI in every email and text message. The email or text message address alone is PHI as defined by HIPAA, regardless of the content. HIPAA requires that every covered entity has a “duty to warn” and has the responsibility of acquiring consent and keeping proper documentation. And yet this is not being done in a compliant way.
Emails and text messages are subject to the HIPAA Security Rule transmission standard. Changes in the Omnibus Rule in 2013 further clarified the importance of proper usage of emails and text messages, which are examples of electronic transmission media. Electronic transmission media are often used to transmit PHI, and this is an area in which covered entities need to develop and implement policies and procedures to ensure HIPAA compliance. HHS states:
1. Covered entities have the “Duty to Warn” individuals on the risk of unencrypted transmission, and that warning is a necessary step in protecting their PHI.
2. Unencrypted emails and text messages may be sent only if the individual consents to receive them after being warned.
3. Documentation of consent is required.
Through real world examples, Paul will delve into the ways to engage patients through emails and text messages. He will also teach you how to safeguard PHI throughout electronic transmission media, and set you on the path to HIPAA compliance.