As patient communication evolves, it is essential to understand HIPAA rules for different communication tools. Depending on how your chiropractic practice communicates with patients, the rules differ. Learn best practices in healthcare communication and how to avoid common communication errors.
Rules for HIPAA Compliant Communication
The HIPAA regulation dictates best practices in healthcare communication. Regardless of the communication method (such as phone, text message, mail, or email), it must fully comply with HIPAA rules and regulations. Before using any of these tools to communicate with patients, it is essential to confirm the patient’s contact information (mailing address, email, phone number). Written patient consent is required before certain communication tools are used, and for some tools you must have a signed business associate agreement (BAA) before use.
How can you use different communication tools in your chiropractic practice while maintaining HIPAA compliance?
Patient Phone Calls
Before your practice makes phone calls to patients, other than simple appointment reminders, the patient must sign a consent form. This is because it can be challenging to confirm the patient’s identity via phone: someone other than the patient may well answer the patient’s phone. Additionally, when leaving a voicemail, it is important to limit the information left in the message. Voicemails can be easily overheard, leading a patient’s family members or friends to hear sensitive treatment information that the patient does not want shared with others. Information appropriate to leave on a voicemail includes the patient’s name, the doctor’s name, and a call-back number.
Texting with Patients
Traditional text messaging (SMS) does not have the required security measures to adequately protect protected health information (PHI). Therefore, SMS is not HIPAA compliant and cannot be used as a means of patient communication. Other popular texting platforms such as iMessage and WhatsApp are also not compliant, as the software providers don’t sign BAAs. There are, however, texting platforms designed explicitly for healthcare businesses. These platforms can be used for HIPAA compliant texting provided your practice secures a signed BAA with the platform provider before use and employees use the platform correctly: only authorized employees should have access to the platform, and employees should be trained on its appropriate use to avoid accidental PHI exposure.
Sending PHI Through Mail
There have been instances in which healthcare providers have sent patient information to the wrong patient. To avoid the wrong patient receiving the correspondence, it is crucial to double-check a patient’s address before sending them anything containing PHI. HIPAA also requires patient information to be sent through certified mail or a similar service that requires a signature. Since standard mail cannot be tracked to confirm receipt, it is not HIPAA compliant.
Generally, it’s not recommended to communicate with patients through email. However, it is permitted with written patient consent. Since the patient is unlikely to use a secure email service, the provider must also warn the patient of the cybersecurity risks associated with email. Lastly, healthcare providers must use a HIPAA compliant email encryption service when sending PHI through email.
Compliancy Group’s simplified software solution, coupled with Compliance Coach® guidance, helps chiropractors achieve HIPAA compliance with ease. With Compliancy Group, ACA’s Preferred HIPAA Solution, chiropractors can be confident in their compliance program. Find out more about Compliancy Group and HIPAA compliance.
Image credit: Photo by Marek Levak