Technology. We love it and hate it as we build our private practices. Those of us working to maintain confidentiality and comply with HIPAA requirements struggle to find secure online tools to communicate with clients. It seems almost every day a new data breach is being reported. The HIPAA government policy states that we must “Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.” While that statement doesn’t specifically say WHAT safeguards must be in place, we can offer some suggestions. After lots of research and a survey of clinicians, we came up with a list we think covers all the basis. We recommend them because we love their product and we use their services. As affiliates, we may get a commission at no extra cost to you. We think this list of tools is the last word on what you need to decrease liability and increase security.
- Consider a HIPAA compliant email for electronic communication. We recommend Hushmail for my email so that communication is encrypted and more secure. They have a service specifically for healthcare providers. If you are emailing another Hushmail user, the message is automatically encrypted. This is perfect at my group practice as I am sending new client information to other clinicians. If you are emailing someone who doesn’t use Hushmail, they will read the message on a secure webpage.
- Use a secure fax line for file transmissions. If you don’t have an actual fax machine, we recommend SRFax.com for secure faxing. They also have a plan specifically for healthcare providers, and at only $7 a month, it’s an easy investment to keep communication secure. If you are taking insurance, this is a quick and easy way to send in your claims and keep HIPAA compliant.
- Look into an online client management system that includes a client portal. We recommend TheraNest. You can read more about other aspects we love about TheraNest.
- Include a technology statement in the informed consent. Specifically explain that while no technology is completely secure, you have certain precautions in place. Also address your social media policy in your informed consent.
- Include a statement on your email and website so people know their communication is not considered to be confidential if they are communicating through technology. This is something I also tell clients in our initial session so they are aware of the limits of secure communication.
Technology will continue to change, quicker than we can keep up with it. We can protect our online communication to maintain security and our peace of mind.