HIPAA and patient portals

I recently wrote an article about the importance of physician offices having a patient portal and how to implement such a portal. An attorney wrote me the following email reminding me about a HIPAA issue relating to patient portals; thought you might be interested in his reponse:

Just a quick note to compliment you on the patient portal item.  I’ve had recent communications with several health care attorneys and there is one HIPAA issue that I think you need to emphasize when your clients ask you about patient portals.  HIPAA requires a “security assessment” when a patient portal is implemented and, if that is not done and PHI is lost (even inadvertently), the feds could impose a hefty fine.

A recent case against an Anchorage provider reiterates the HHS position on updating training, security assessments and policies and procedures on a routine basis.

Scott Chase
Law Offices of J. Scott Chase
Board Certified, Health Law, Texas Board of Legal Specialization
Dallas, Texas
email:  schase@airmail.net

Have questions? I’m here to help.