Technology is only the first step in the launch of a patient portal; administrators must make subsequent decisions about everything from patient login protocols to patient record revisions.
Stage 2 of meaningful use requires that at least 5% of patients view, download and transmit their health-care information and also send secure electronic messages to their health-care provider. Even though that number is lower than the original objective of 10%, the rule is causing many health-care providers anxiety.
First, what are records? HIPAA’s “right of access” rules say patients are entitled to their “designated record set,” which includes medical and billing records, but health care providers must also provide access to “other records used to make decisions about a patient.”
Second, how do you provide access? You’ll have to give patients access to their records in the form that they request, even if it’s by email, and emailing records is against your policy. “The law trumps policy,” in the words of one health-care consultant.
Third, how do you protect a patient’s privacy? For example, how do you provide account logins? Patient records must be secure, of course, but securing them by making password requirements complex may create the impression that you’re denying access to records.
In addition, HIPAA’s right of amendment gives patients the right to request the amendment of their records, and those requests could increase significantly after your patient portal is deployed. Do you have the staff to handle those requests?
If you are looking for a patient portal, or would like to learn how to adapt one for your practice, please contact us today.