Skip to content

Digital Communication and Patient Privacy

October 5, 2010
tags: , , , , ,

Dear Stoked Group,

I’m confused about changing HIPAA guidelines, and especially concerned aboutwhat the rules are as our office becomes more digital. Is it OK for me to use e-mail to communicate with patients and specialists? Is sending out an e-newsletter a violation of my patient’s privacy?

SB, general dentist, Spokane, WA

Dear SB,

You’re right: HIPAA guidelines seem to always be changing, as do the preferred communication methods of dental practices. It’s hard to know what is and isn’t admissible when it comes to issues of privacy as e-mail and digital communications become more common. SG checked with some very knowledgeable attorneys about the most up-to-date guidelines, so read on to learn when it is (and when it isn’t!) okay to use Protected Health Information (PHI) in your HIPAA-compliant practice.

First, some good news. HIPAA laws are clear that providers may use e-mail to electronically send PHI to other providers for treatment purposes. So feel free to attach those digital x-rays when you’re discussing Mrs. Smith’s impending root canal via e-mail with her endodontist.

You’re also able to communicate with your patients via e-mail about routine issues such as appointment reminders or to answer questions they may have about their treatment. E-mail, in this sense, may contain PHI as long as the dentist has taken reasonable precautions to ensure privacy. SG recommends sending your patient an initial e-mail to confirm the viability of the e-mail address before addressing the issue at hand, and further recommends including only the pertinent information instead of attaching a patient’s entire file.

Next, let’s look at the HIPAA rules about sending newsletters to patients. Current guidelines require health care providers to obtain patient authorization when a communication is considered “marketing,” defined here as “to make a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” At first glance, then, it might seem like you need patient authorization for any type of newsletter. However, there are exceptions, noted in the chart below:

If you look carefully at the right side of the chart, you’ll see that you don’t actually need authorization to send newsletters to your patient base, as long as you’re careful to talk only about the products or services that your office is making available to your patients. As a health professional, you’re also entitled to provide general health and wellness advice, but be careful about promoting specific brandsor products.

For example, you may want to encourage your patients to seek out sugarless alternatives for Halloween treats – and this is fine. But instead of directly mentioning, say, xylitol suckers as an alternative, it’s safer to encourage your patients to ask your staff about sugarless alternatives and only mention the xylitol suckers when they’ve asked. This way, your practice isn’t using its newsletter to directly recommend xylitol products.

Another option is to provide an embedded link within your electronic newsletter, which allows the patient to seek out more specific information. If your practice is touting the health benefits of gluten-free living, you could encourage readers to “click on the link below” for local stores that stock gluten-free products. Now, instead of using their PHI to market certain products or stores, your patients have essentially asked for your recommendation, and you have provided it with their permission.

So, write on (and hit send) about your new CEREC machine, your star hygienist, your extended office hours, and your dental health tip of the month. But stay awayfrom promoting a certain brand of toothpaste, and definitely don’t write a glowing review of that Sonicare toothbrush the rep gave you for free.

Before your newsletter goes to press, SG wants to remind you that, because patient names, addresses, and contact information are considered under HIPAA guidelinesto be PHI, you should never share or disclose your newsletter distribution list to a third party. Also, to make sure your message of dental health is welcome in every in-box in which it lands, be sure to offer patients the ability to opt out of the communication at any time.

If you’re ready to ramp up your HIPAA-approved electronic communications, keep the flow chart handy, and know that SG is here to help you craft a newsletter that will promote your practice without breaking any privacy laws!

from → General Business, Marketing, Online Management
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

  • SG on Twitter

  • Archives

    • Follow

    Get every new post delivered to your Inbox.