Connect with us

Columns

Following These Simple Strategies Will Keep You HIPAA-Compliant

Here are some best practices in four key categories.

mm

Published

on

Following These Simple Strategies Will Keep You HIPAA-Compliant

MILLIONS OF AMERICANS search online for healthcare information, so digital marketing is crucial to your growth. But digital media treads a thin line between connecting with patients and violating HIPAA regulations. Here are some best practices to ensure your digital strategies are HIPAA compliant:

Website

Data on any forms provided on your website must be encrypted. Do this by using an EHR for communicating with patients, or installing an SSL (secure sockets layer) certificate on your server. Your server should have antivirus protection, a firewall, offsite backup, OS patch management and encrypted server data. Lastly, you must have an up-to-date privacy policy written on your site.

Social Media

Social media is particularly risky. You have to ensure that outgoing messages refrain from disclosing personal health information (PHI) but you may also have people reaching out with medical queries. The rule of thumb is to treat non-patients like patients and protect their PHI in the same way. 

Keep public answers general. Avoid engaging in discourse about specific treatments, conditions or experiences and invite parties to call you. Keep in mind that personal identifiers go beyond a name and a face and can include a date, location, contact information or any other identifiable numbers or information. Keep personal accounts separate from office ones and ensure all staff are trained.

Advertisement

Email

General email marketing is not problematic but when a patient or potential patient emails your office, keep responses generic and invite them to call the office. Recommend that personal information not be disclosed via email.

Online Reviews

If a patient offers PHI in the public sphere, this doesn’t mean they consent to you confirming their status as a patient. If a patient reviews your practice online, do not confirm their patient status in your response. Nevertheless, it’s important to respond to reviews. In the case of a negative review, reply that your office takes customer satisfaction seriously and invite the reviewer to call the office.

Keep in mind that in the digital media age, correspondence is easy, public and in many cases, permanent (meaning it can’t be deleted or erased). It’s also very easy for PHI to inadvertently be exposed.  Make it an office policy to keep any specific correspondence to secure networks, phone or in-person communication. Lastly, encourage your staff to stop and ask if they are unsure about how to proceed.

Advertisement

SPONSORED VIDEO

SPONSORED BY VARILUX

The Best Overall Progressive Lens, Now Powered by AI

Engineered with Behavioral Artificial Intelligence and utilizing new XR-motion™ technology, Varilux XR series goes beyond prescription and eye physiology to consider the patient’s visual behavior and design a progressive lens that respects how
their eyes naturally move.

Varilux XR series comes in two versions, Varilux® XR design and Varilux® XR track. The Varilux XR track lens provides an additional level of personalization by incorporating the exclusive Near Vision Behavior Measurement, providing up to 25% more near vision width3 according to the patient’s need, so patients get the highest level of customization.

Discover Varilux XR series and enjoy instantly sharp vision in motion4 and seamless transitions from near to far.

For more information, visit here.

Promoted Headlines

Advertisement

Advertisement

Advertisement

Subscribe

INVISIONMAG.COM
BULLETINS

Get the most important news and business ideas for eyecare professionals every weekday from INVISION.

Instagram

Most Popular