The answer isn’t as black-and-white as you think.
Dentists are going digital. While the practice of dentistry is one that requires close in-person contact, more and more dentists are using technology to communicate with patients and about patient care. And for good reason - a text message or email to a patient about an appointment reminder or billing problem is quick and efficient. But as easy as they are, emails and text messages fall under HIPAA law and are subject to its rules and regulations.
Violating HIPAA law can carry heavy consequences, including costly fees or even license suspension. It’s important for dentists, and all healthcare providers, to know how HIPAA applies to emails and text messages and take the proper steps to protect themselves and their patients.
The HIPAA Security Law
HIPAA controls a dentist’s use of emails and text messages under The HIPAA Security Law. This law requires that dental offices put security measures in place to protect patient information when it’s shared digitally. The law has 3 separate parts - Technical, Physical, and Administrative - that define rules, requirements, and policies that must be used when transmitting protected patient information. The goal is to keep patient information confidential, protect its integrity, and make it available to authorized users. It’s important for all dentists to know and abide by The HIPAA Security Law when using email and text messages to discuss patient care.
Under The HIPAA Security Law, the protection of patient data is required for any information that is unique to a patient and can identify them. This is called “Protected Health Information” and it includes things such as social security numbers, birthdates, patient records, X-rays, etc. Any communication of this information, including over email and text messages, is covered under HIPAA law.
For more information on the HIPAA Security Law, visit this website.
How Can I Comply With HIPAA?
HIPAA doesn’t expressly forbid the use of emails and text messages in your dental practice. But there are a few rules for using them to discuss patient information that you must follow. Here are the best ways to comply with HIPAA requirements for emails and text messages:
Secure Your Network
Your office network must be secure before you can discuss patient information digitally, even with other members of your staff. That means that security measures must be in place to prevent unauthorized users from accessing your data when sending emails or messages within your office. Data encryption and password access are common ways to secure your network. Most dentists have a secure office network, but if you’re using the free Wi-Fi from next door or you skipped the security phase when setting up your software, then you’re probably not HIPAA compliant. Our network security solutions can help secure your network and protect your data from unauthorized access.
Secure Your Server
A secure email server is a key requirement when sending emails that contain protected health information, especially if they are being sent to providers outside of your office. Secure email servers encrypt messages to keep unintended recipients from accessing your data. Keep in mind that most web-based email servers (such as Gmail or Outlook) are not automatically secure. If you are using an unsecured server, do not include any protected health information in your emails. Bis Solutions offers email security solutions to protect your data and keep your office HIPAA compliant when using email.
Do Not Email Personal Accounts
Personal email accounts are not secure enough to comply with HIPAA requirements. You should never email protected health information to a personal email account. This includes your personal email account, too - if you need to take work out of the office, use an encrypted flash drive or a secure remote connection such as our Bis Cloud Sync.
Use A Secure Messaging System For Texts
Text messages are an easy way to communicate with, and about, a patient. But text messages are a HIPAA violation waiting to happen if they aren’t sent correctly. Text messages are not secure or encrypted, are easily intercepted, and are stored on unauthorized servers (such as wireless carriers). Plus, we all dial the wrong number sometimes! You should never send protected patient information over a standard text message, whether to the patient, a member of your staff, or another provider.
The solution is to use a secure messaging system. These types of systems require authorization in the form of passwords or authentication keys to access messages. Without the correct access information, the messages stay encrypted and cannot be read. If a secure messaging system is used, protected health information can be sent through text messages. One example would be a patient portal. There are also secure messaging systems that can act as apps for easy access.
Get Patient Authorization
This is perhaps the most important step you can take to be HIPAA-compliant. Even if your office uses the above security measures, it’s important to ask for, and document, a patient’s preferences about how their protected health information is communicated. Giving them the choice to decline or consent to emails and texts is crucial to complying with HIPAA law.
The best way to do this is with a communication waiver that is completed by all patients. You should keep their preferences on-file and have them updated periodically. Further, HIPAA requires that patients who choose to receive unsecured messages be properly informed of the risks to their information. Be sure to include a thorough explanation of their options and the risks that come with them in your waiver.
Emails and text messages are an easy, convenient way to communicate with patients and about their care. By putting these simple measures into place, dentists can use emails and texts to streamline their practice while staying on the right side of the healthcare law.
If you need help getting your practice HIPAA-compliant, let the professionals at Bis Solutions help! Our range of software programs and security services can protect your patients and your practice from cyberattacks and legal problems. Contact us today!
Phillip Long - CISSP, CEO of BIS Technology Group, along with his team of marketing and information technology experts, will walk you through an overview of what your business should be doing to protect your data and plan your digital marketing strategies.
About BIS Technology Group
BIS Technology Group is the technology leader on the Gulf Coast and is comprised of four divisions: Information Technology, Web Design & Digital Marketing, Office Equipment and Business Consulting. Together these divisions help local businesses exceed expectations and allow them to grow to their full potential while minimizing risks. To learn more about BIS Technology Group, visit bistechnologygroup.com.