From the November 2011 issue of HealthCare Business News magazine
When selecting an EHR system, look for technology certified by organizations such as the Certification Commission on Health Information Technology (CCHIT), which verifies that EHRs have built-in functionality to ensure security of PHI. More information about CCHIT is here: http://bit.ly/m5fcAl.
BE SMART WHEN COMMUNICATING WITH PATIENTS AND FELLOW PHYSICIANS
Online communication with patients, especially though email, is becoming increasingly popular. Physicians using email to communicate with patients have found that email improves patient, physician and staff satisfaction; increases efficiency; and strengthens the doctor-patient relationship. In addition, peer consultation and referrals of patients to specialists are being managed electronically. To safeguard patient information when communicating with others electronically, establish policies and procedures:
Ad Statistics
Times Displayed: 109945
Times Visited: 6642 MIT labs, experts in Multi-Vendor component level repair of: MRI Coils, RF amplifiers, Gradient Amplifiers Contrast Media Injectors. System repairs, sub-assembly repairs, component level repairs, refurbish/calibrate. info@mitlabsusa.com/+1 (305) 470-8013
*Prohibit the transmission of PHI via instant messaging or other peer-to-peer software.
*Always validate the email address of the recipient and be certain emails containing PHI are properly encrypted, pursuant to HIPAA.
*Establish informed consent before communicating electronically with a patient. Including a “privacy policy for messages” in your HIPAA Notice of Privacy Practices form can fulfill this requirement.
UNDERSTAND REQUIREMENTS FOR WORKING WITH BUSINESS ASSOCIATES
HIPAA defines a “Business Associate” as any company or person outside of your practice that: (1) performs services on your behalf, and (2) requires the use or disclosure of PHI in order to complete the tasks they are contracted to execute for you. This can include lawyers, transcription agencies, billing companies and computer support personnel. Before sharing paper or electronic PHI with Business Associates, both parties should execute an agreement that includes:
*A confidentiality clause that holds the Business Associate accountable for protecting PHI in the course of the work it does on behalf of your practice.
*Statements that the Business Associate:
*Cannot use or further disclose the information in a manner that violates the HIPAA privacy rule.
*Must safeguard the information from any use or disclosure other than provided in the agreement.
*Must report any use or disclosure of information not provided for by the agreement.
*Must ensure that any agents, including subcontractors that receive PHI, comply with similar restrictions and conditions that apply to the Business Associate.
