Forms That People Actually Like


a division of The Highland Group, LLC

 

So, what is ePHI anyway?

It’s a lot more than you probably think.

HIPAA defines the following identifiers as not being part of the “limited data set” that is excluded from privacy considerations:

  • Name
  • Street address
  • Phone number
  • Fax number
  • Email address
  • Social Security number
  • Medical Record number
  • Health plan beneficiary number
  • Account number
  • Driver’s license number
  • VIN number
  • License plate number
  • IP address



Privacy, Privacy, Privacy

HIPAA Compliant

It’s hard for many of us to remember what the days before HIPAA were like, when access to patients’ health info was fair game for just about anyone. Medical and dental offices may grumble about the complications HIPAA added to their practices, but it was obviously a law whose time had come.

There are many aspects to the original rules, as well as those added through HITECH and Omnibus (and whatever comes next...) – our intent is to make sure that any of the requirements that apply to the forms on your practice website are followed to the letter.

There are two areas where healthcare practices can get into HIPAA trouble – unsecured patient forms and email. If all you provide are non-submittable PDF forms on your website, there’s no privacy issue. If, however, you opt for the convenience and speed of online patient forms, they must follow a rigid set of rules set forth by HIPAA.

To begin with, they must reside on a secure URL (one starting with https://) – this assures the patients that they are in fact on your website and not filling out a renegade form that’s attempting to capture their data. Next, the form should submit the patient’s entries in an encrypted format, directly to a secure server. Please note that regular email is not a secure way to send anything. And even if you employ secure email for form submittal, there are a host of conditions to fulfill regarding the way you store this info.

Our Secure Forms Program provides a fully HIPAA-compliant method of patient form submission, storage and retrieval. We know of no other way to shortcut this procedure and still be compliant.

“What your doctor won’t tell you about...”

Nobody likes spam email. Ever wonder how spammers get hold of your email address, and why it’s so hard to get off their lists?

Let’s look at a common scenario. Someone hacks into your practice’s email account and harvests all your incoming and outgoing email addresses (and maybe even the message contents themselves). They then have a list of valid email addresses that were used in connection with a physician’s or dentist’s office. All it takes now is to contact one of the unethical list brokers they work with and make a sale, and your patients start getting spam emails targeting the diseases your office treats. If your patients then put two and two together...

“We’re contacting you to notify you of a breach of your Protected Health Information...”

We’ll bet you know what happens to your practice next.