Stephen P. Williams, JD
Haynsworth Sinkler Boyd, PA
Greenville, S.C.
swilliams@hsblawfirm.com
864-240-3320 www.hsblawfirm.com
HIPAA
Federal law that covers “personal health information,” also known as “protected health information” or “PHI,” that is stored, communicated or maintained in an electronic format by a “covered entity”
PHI generally refers to demographic information, medical history, test and laboratory results, insurance information and other data that is collected by a health care professional to identify an individual and determine appropriate care
Covers virtually all information held by physicians, hospitals, and all other healthcare providers
HIPAA
Specifically requires the written permission of a patient to release the information, and the covered entity can release only the minimum amount of information required to respond to a specific request covering a specific time period, as requested in writing by the patient.
HIPAA
Exceptions to the written consent to release requirement:
A covered entity may release information necessary for:
treatment of the patient
payment to the covered entity
operation of the covered entity
HIPAA
HIPAA also provides for minimum security standards for the electronic equipment utilized by the covered entity for storage, retrieval, and transfer of the actual electronic protected health information
HIPAA
Business Associates
HIPAA requires written agreements between covered entities and vendors, consultants, accountants, attorneys, etc. who utilize the protected health information to provide a service to the covered entity
Specific Hazards
Secure servers with HIPAA 128-bit encryption
Yahoo, Hotmail, Gmail, MSN, etc.
Authentication
Completeness of the conversation
Where is the physical location of the recipient?
Home? Office? Spouse’s Office?
Instant Messaging
Specific Hazards
Text Messages
Encryption
Authentication
Completeness
Messages are on the phone forever?
Specific Hazards
Telephonic Communication
Identity of the other end of the conversation
Phone messages
Specific Hazards
Social Media
Facebook messaging
Authorizations should include:
Identifying info:
DOB
SS# (last 4 digits)
Insurance Policy number
Photo ID
Info to be released
Street address
Telephone #, e-mail address to be used
Signature of patient or legally authorized representative
Witnesses
Special Considerations
Encryption for all e-mail, phones, text services
Delegation of communication responsibilities to specific individuals
Description of Privacy Practices
Duties to disclose unauthorized transfer
Marketing prohibitions
Be aware of “forwarding” issues
Special Considerations
Leaving messages to return calls or e-mail
Remind patients of their duty to help
Don’t use employer’s email or phones
Educate patients about risks of e-communication
Make sure your malpractice coverage covers e-communication
Ask specific questions of your vendors
Special Considerations
Print all messages and place in patient’s chart!
Don’t speak about third parties in e-mails or text messages
Under current federal rules, e-mail messages are almost never deleted!
Learn how bcc works
Never use e-mail for STD status, mental health status, marital issues, child custody issues