Description:

HHS and CMS have confirmed the requirement that all Emails and Text Messages containing Protected Health Information (PHI) must be encrypted. There is only one exception. Patients have the absolute right to communicate with Covered Entities by unencrypted email and text message. If the patients have been informed, there is some risk, and they prefer using unencrypted electronic transmissions.

It also will explain when Emails and Text Messages containing PHI must be encrypted and the simple 3 Step HIPAA Safeguard that fully protects Covered Entities from HIPAA violations when communicating with patients by unencrypted email and text message – even if the unencrypted transmission is intercepted.

The Internet is awash with misinformation about Health Care Email and Text Messaging that can lead Covered Entities into serious trouble. OCR guidance clearly explains how Covered Entities must comply with a patient's right to communicate by unencrypted Email and Text Messaging.

HIPAA allows covered entities and their business associates to communicate e-PHI with patients via emails and texts if either the emails and texts are encrypted and are otherwise secure or the covered entity or business associate first warns the patient that the communication is not secure. The patient elects to communicate via unsecured email or text, anyway. When communicating with non-patients, the covered entity or business associate must generally ensure that its email or texts comply with relevant Privacy and Security Rule standards.

This webinar will explain the simple 3-step HIPAA Safeguard that fully protects Covered Entities from HIPAA violations even when an unencrypted Email or Text Message is intercepted in transmission.

Areas Covered:

• Overview- Key Takeaways
• When You Must Encrypt Emails and Text Messages with PHI - Exception
• Why is this so important?
• Temptations
• HIPAA Rules for Email & Text Messaging
• Key Definitions
• 3-Step Safeguard ? Patient Emails & Text Messages
• TCPA and the Effect of April 1, 2021, Supreme Court Decision
• When and Why You Must Encrypt
• Tips for Enterprise-wide Compliance

Why Should You Attend:

Email and Text Messages are Electronic Transmissions of information over Electronic Communications Networks like the Internet, Cell Phone Networks, and telephone "dial-up" lines. Email and Text Messages of Protected Health Information (PHI) between a Covered Entity and an Individual (the person whose PHI is being transmitted) are subject to Privacy Rule Safeguards and the Security Rule Transmission Security Standard. Before using unencrypted Email or Text Messaging to communicate with an Individual, a Covered Entity has the "Duty to Warn" the Individual. There is a risk that a third party could read the information in the Email or Text Message. Suppose the Individual is notified of the risk and prefers Unencrypted Email or Text Message communication. In that case, the Individual has the right to receive PHI that way, and the Covered Entity is not responsible for Unauthorized Access to PHI while in Transmission to the Individual based on the Individual's request. 

Who Should Attend:

• Health Care Providers
• Physical, Occupational, and Behavioral Therapists
• Group Health Plan Administrators
• Third-Party Group Health Plan Administrators
• Executive Management 
• Compliance Committee 
• Practice Managers
• Chief Compliance Officer 
• HIPAA Compliance Officials - Privacy and Security
• Patient Engagement and Marketing Specialists
• Patient Outreach Coordinators
• Risk Managers
• Covered Entity Owners and Senior Management
• Attorneys for Covered Entities- In-house and Outside Counsel
• Vendors and Business Associates  
• Billing companies
• Collection Agencies
• Practice Management Companies
• Health Care Marketing Consultants
• Health Care Compliance Consultants
• Law Firms

Presenter Information:

Name: Paul R. Hales

Paul R. Hales received his Juris Doctor degree from Columbia University Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and business associates.