Web site question: HIPAA compliance

D

Dave Navarro

I have an Eye Doctor who want patients to be able to make appointments
via his web site. The majority of his patients are on Medicare (this is
Florida).

The form is behind a secure certificate, however my question has to do
with getting the appointment information to the doctor and his staff.

Is an Eye Doctor required to meet HIPAA compliance? The only personal
information collected is the patients name and contact info. No medical
history is collected or kept by the web site.

Can the appointment time and patient contact info be sent to the doctor
by unsecured email? Or should they be required to log into their secure
site in order to retrieve that information?

I've been to several HIPAA web sites, but I can't get a clear
understanding of what information is required to be secured.
 
N

Neal

Is an Eye Doctor required to meet HIPAA compliance?

I don't know whether compliance is *mandated* or not, but whenever you're
talking about this sort of transaction, where a user might expect to give
sensitive information (even if ultimately he does not), providing a
totally passworded and secure connection is important. I advise the doctor
to go all out in making this a secure communication.
 
K

Karl Groves

Is an Eye Doctor required to meet HIPAA compliance? The only personal
information collected is the patients name and contact info. No medical
history is collected or kept by the web site.

Yes, an eye doctor is required to meet HIPAA, afaik
Can the appointment time and patient contact info be sent to the doctor
by unsecured email? Or should they be required to log into their secure
site in order to retrieve that information?

IMO, you should require the doctor/ his staff to log-in to their secure site
to download the information.
Perhaps you can send them an e-mail saying "New appointment request for B.
Jones has arrived"?

-Karl
 
N

Nick Theodorakis

[...]
Is an Eye Doctor required to meet HIPAA compliance? The only personal
information collected is the patients name and contact info. No medical
history is collected or kept by the web site.

Can the appointment time and patient contact info be sent to the doctor
by unsecured email? Or should they be required to log into their secure
site in order to retrieve that information?

As far as I understand it (which may not be very far) just letting
someone find out that a certain person is a patient of Dr. Foobar
(without the patient's permission) may be itself a violation of HIPAA
guidelines.

I've been to several HIPAA web sites, but I can't get a clear
understanding of what information is required to be secured.

That's all right. Nobody understands it.

Nick
 
S

Sharon

As far as I understand it (which may not be very far) just letting
someone find out that a certain person is a patient of Dr. Foobar
(without the patient's permission) may be itself a violation of HIPAA
guidelines.

Yes, it is. Unless you have a disclaimer statement saying that use of the
website constitutes and agreement to disclose this info. Or you have an
area of the website where the person makes a choice to disclose their
information to the public.
 
D

Dave Navarro

Thanks to everyone who responded.

The doctor is in the process of upgrading software and procedures in the
office to meet HIPAA compliance and I got a chance to talk with their
consultant.

Patient related data, even if it's as simple as an appointment time,
must be transmitted securely or using codes.

The new software used by the doctor supports coded emails for
appointments, so I will be able to email the information to the doctor
as such:

T012133 20040608 13:30:00

Which the nurse or office assistant can cut from the email and paste
into their scheduling software. The first item is the coded patient ID,
the second item is the date and the third item is the time.

We're discussing the possibility of using a VPN to connect directly to
the SQL database in the doctor's office to update it.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top