Being HIPAA Compliant
ARTICLE BY: Nancy Rausman
08 January 2018

Millions of Americans search online for healthcare information, so digital marketing is crucial to your growth. But digital media treads a thin line between connecting with patients and violating HIPAA regulations. Here are some best practices to ensure your digital strategies are HIPAA compliant:

Website
Data on any forms provided on your website must be encrypted. Do this by using an EHR for communicating with patients or by installing an SSL (secure sockets layer) certificate on your server. Your server should have antivirus protection, a firewall, offsite backup, OS patch management and encrypted server data. Lastly, you must have an up-to-date privacy policy written on your site.

Social Media
Social media is particularly risky. You have to ensure that outgoing messages refrain from disclosing personal health information (PHI), but you may also have people reaching out with medical queries. The rule of thumb is to treat non-patients like patients and protect their PHI in the same way. Keep public answers general. Avoid engaging in discourse about specific treatments, conditions or experiences, and invite parties to call you. Keep in mind that personal identifiers go beyond a name and a face and can include a date, location, contact information or any other identifiable numbers or information. Keep personal accounts separate from office ones and ensure all staff are trained.

E-Mail
General email marketing is not problematic, but when a patient or potential patient emails your office, keep responses generic and invite them to call the office. Recommend that personal information not be disclosed via email.

Online Reviews
If a patient offers PHI in the public sphere, this doesn't mean they consent to you confirming their status as a patient. If a patient reviews your practice online, do not confirm their patient status in your response. Nevertheless, it's important to respond to reviews. In the case of a negative review, reply that your office takes customer satisfaction seriously and invite the reviewer to call the office.

Keep in mind that in the digital media age, correspondence is easy, public and in many cases permanent (meaning it can't be deleted or erased). It's also very easy for PHI to be inadvertently exposed. Make it an office policy to keep any specific correspondence to secure networks, phone or in-person communication. Lastly, encourage your staff to stop and ask if they are unsure about how to proceed.

This article originally appeared in the January 2018 edition of INVISION.

Online Eye Exam Fight Spreads to Another State
ARTICLE BY: INVISION Staff
04 February 2018

A new bill targets services offered by Opternative and other firms.

The battle over online eye exams has spread to Kentucky. A proposal to limit such exams is making its way through Kentucky's legislature, the Associated Press reports. If the law is passed, it will require patients to interact with an eye doctor in real time. And it will prohibit prescriptions for patients who haven't, at some point in the past two years, had an in-the-flesh eye exam, according to AP.

The bill targets services provided by Opternative, Simple Contacts and other companies that offer mobile eye exams via smartphone app. Several states have already passed legislation regulating such services.

"There are no standards or required safeguards for citizens of Kentucky as they receive prescriptions through these applications," said Ben Gaddie, former president of the Kentucky Optometric Association, according to AP.

But Peter Horkan of Opternative said the measure will "put so much red tape on the telehealth platform that it will shut down all of the companies that participate in Kentucky," WEKU-FM reports.

Read more at the Associated Press