I recently wrote an article about the importance of physician offices having a patient portal and how to implement such a portal. An attorney wrote me the following email reminding me about a HIPAA issue relating to patient portals; thought you might be interested in his reponse:
Just a quick note to compliment you on the patient portal item. I’ve had recent communications with several health care attorneys and there is one HIPAA issue that I think you need to emphasize when your clients ask you about patient portals. HIPAA requires a “security assessment” when a patient portal is implemented and, if that is not done and PHI is lost (even inadvertently), the feds could impose a hefty fine.
A recent case against an Anchorage provider reiterates the HHS position on updating training, security assessments and policies and procedures on a routine basis.
Law Offices of J. Scott Chase
Board Certified, Health Law, Texas Board of Legal Specialization