Simple Compliance Steps for Email and Texting to Save Providers from Serious, Widespread HIPAA Violations

Training Options Duration: 90 Minutes
Friday, October 26, 2018 | 10:00 AM PDT | 01:00 PM EDT

Overview: The HIPAA Rules and HHS/OCR guidance provide a simple, easy to use 3 Step Safe

Harbor for using unencrypted email and text messaging to engage patients. This session will

explain the 3 Step HIPAA Safe Harbor. The secret is – HIPAA Rules are easy to follow, step-by-

step – when you know the steps.

Why should you Attend: Patient Engagement is a cornerstone of effective patient care.

Communication technology offers indispensable patient engagement tools. Secure patient portals

are available. So are encrypted text message and email products. But patients overwhelmingly

choose non-secure communication tools like text messaging and email.

Appointment reminders, healthcare instructions, patient satisfaction surveys, health and

wellness newsletters and recall reminders are just a few patient engagement tools sent

electronically by regular (unencrypted) email and text messaging.

The HIPAA Rules for sending Protected Health Information (PHI) by unencrypted electronic

transmission are clear – and new. The first became effective with the HIPAA Omnibus Rule

(September, 2013). Further, important guidance was published by the U. S. Department of Health

and Human Services in 2014 and 2016.

There is a simple 3 step HIPAA “safe harbor” that frees Covered Entities and Business

Associates from any responsibility or liability for unauthorized access to Protected Health

Information (PHI) in unencrypted emails and text messages during transmission and after receipt

by the patient.

There are widespread violations of the HIPAA Rules for communicating with patients by

unencrypted email and text message – largely because Providers and Business Associates just

don’t know the rules – and don’t understand what PHI really is – as defined by HIPAA.

Areas Covered in the Session:

A clear explanation of the simple 3 Step HIPAA Safe Harbor that protects Covered Entities and

Business Associates acting on their behalf from liability related to Patient Engagement by

unencrypted email and text messaging
What makes an email or text message subject to HIPAA law
A clear explanation of how HIPAA defines PHI – it’s not just information about, for example, a

diagnosis, disease, surgery or prescribed treatment
How a 2015 Federal Communications Commission Order about health care text messages added to

confusion and what it really means – the 3 Step HIPAA Safe Harbor is the only text message Safe

Harbor for Covered Entities and Business Associates
The interconnected liability of Covered Entities and Business Associates that provide

unencrypted electronic patient engagement services like appointment reminders – and both can

protect themselves

Who Will Benefit:
Hospital Trustees
C-Suite Executives
HIPAA Compliance Official
HIPAA Privacy Officer
HIPAA Security Officer
Health Information Technology Supervisor
Practice Manager
Risk Manager
Physical Therapist

Speaker Profile
Paul R. Hales received his Juris Doctor degree from Columbia University Law School and is

licensed to practice law before the Supreme Court of the United States. He is an expert on

HIPAA Privacy, Security, Breach notification and Enforcement Rules with a national HIPAA

consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool,

an Internet-based, Software as a Service product for health care providers and business


Price – $139

Contact Info:
Netzealous LLC – MentorHealth
Phone No: 1-800-385-1607
Fax: 302-288-6884
Email: [email protected]
Webinar Sponsorship:
Follow us on :
Follow us on :
Follow us on :

Event Details

Registration is closed for this event.

Maurice Gilbert

Maurice Gilbert founded Corporate Compliance Insights in December 2008 to further the discussion and professional knowledge exchange of important, forward-thinking corporate governance, risk and compliance topics.

Related Post