HIPAA and patient portals

I recently wrote an article about the importance of physician offices having a patient portal and how to implement such a portal. An attorney wrote me the following email reminding me about a HIPAA issue relating to patient portals; thought you might be interested in his reponse:

Just a quick note to compliment you on the patient portal item.  I’ve had recent communications with several health care attorneys and there is one HIPAA issue that I think you need to emphasize when your clients ask you about patient portals.  HIPAA requires a “security assessment” when a patient portal is implemented and, if that is not done and PHI is lost (even inadvertently), the feds could impose a hefty fine.

A recent case against an Anchorage provider reiterates the HHS position on updating training, security assessments and policies and procedures on a routine basis.

Scott Chase
Law Offices of J. Scott Chase
Board Certified, Health Law, Texas Board of Legal Specialization
Dallas, Texas
214-880-0404
email:  schase@airmail.net

About the Author

Reed Tinsley CPA

This article is written by Reed Tinsley, a Houston, TX-based CPA with over 30 years of experience advising physicians and medical practices across Texas and the United States. Reed holds certifications as a Certified Valuation Analyst (CVA), Certified Healthcare Business Consultant (CHBC), and Certified Financial Planner (CFP), specializing exclusively in the healthcare sector. He is a published author, nationally recognized speaker, and trusted advisor to physicians on accounting & tax, practice management, and financial planning. Schedule a Free Consultation.