In a busy practice, your biggest concern is providing the best possible care for your patients. And, with all the craziness of your daily routine, things like HIPAA compliance can sometimes get ignored. Keeping your staff up to date with HIPAA training and maintaining compliance with your optometry software is a critical part of practice security.

But really, HIPAA compliance has a lot of fine lines and can get pretty confusing. So today we want to clear up the answers to three common HIPAA questions with help from the Department of Health and Human Services.

Answering 3 of Your Toughest HIPAA Questionsundefined

By way of the Security Rule, can practices send electronic patient health info in an email or over the Internet?

The Security Rule doesn't strictly prohibit the use of email for sending electronic patient info. But, the standards for access control, integrity, and transmission require you to implement appropriate policies and procedures to restrict access and protect against unauthorized access to secure information. So to protect your practice you should evaluate your use of open networks, identify ways to protect transmitted information, and document it! 

How should small providers implement these Security Rule standards?

A good place to start is by assessing your security risk and the vulnerabilities about the processes and systems currently in place in your practice, and how you go about mitigating those risks. Once the assessment is complete you will have a better idea of the changes that might need to be made. Plus, the Security Rule allows your practice to use any measure that helps you protect health info, and they take into consideration your size, capabilities, and costs. 

What about the Privacy Rule? Does that allow practices to use email to discuss health info and treatment with patients?

The Privacy Rule allows practices to communicate electronically, including via email, with patients provided they apply appropriate safeguards for doing so. Some safeguards include checking email addresses for accuracy before sending information, and sending email alerts for confirmation before sending. The Privacy Rule doesn't prohibit the use of unencrypted email for treatment related communication, but you'll want to ensure your communication is in compliance with the Security Rule requirements discussed earlier.