The following question was posted to the Academy of Dental Practice Management Consultants which Linda and I belong to. I thought you would all want to know the answer.
How specific can email to patient be reminding them about treatment? Can you mention specific treatment needs or only make a general statement to contact the office? Is this covered under HIPAA?
The answer below is from: Linda Harvey, MS, LHRM, DFASHRM •
Email is a great source of confusion for everyone.
HIPAA requires that patient info must be kept secure. Regular email transmission which includes responding to email received from patients is not secure.
That being said, there are several options:
1) use a secure portal such as eDossea or subscribe to a service thru Eaglesoft or Dentrix (I believe they both offer such a service).
2) use an email encryption service (there are free ones)
3) implement an office policy that limits what you are allowed to email to patients such as appointment confirmation. I just met the Practice Administrator who said they have a strict policy against emailing patients or responding to patient emails.
4) get the patient’s permission to communicate via unencrypted email. This is an important piece of information one can gather on the Acknowledgement Form new patients sign. BUT, I would still limit the type of information emailed.
Referring back to your question about treatment, I would not mention specific treatment in an email. For example, an email reminder that the pt has unused benefits would be better than saying “are you ready to schedule for those extractions and implants.”
HIPAA is quite serious about enforcing the regulations; plus the random audits are in full force. Have already met one dental Business Associate that was audited. I just got back from Tampa working with a doctor whose staff gave a patient the wrong records on a CD…patient then complained to the Office of Civil Rights. They are now under investigation and have a narrow window to correct and reply to the complaint.
Linda Harvey is a great source of information regarding risk management and being HIPAA compliant. If anyone needs a speaker for a study club she would be fabulous! Her website is: http://www.lindaharvey.net
Happy Valentine’s Day to all!