By Stephanie J. Rodin, Esq.
In this article, I will discuss the requirements for websites & social media to be HIPAA-compliant.
As healthcare practitioners already know, the goal of the Health Insurance Portability & Accountability Act of 1996 (HIPAA) is to protect the privacy and security of Protected Health Information (PHI). One thing many do not realize is that HIPAA has some very specific rules about how to protect PHI on the Internet.
First, it is important to understand the terminology.
Covered entity: the health care practitioner
Covered service: the type of treatment that can be received from the covered entity
Covered benefits: why patients will be better if they receive treatment from the covered entity
If you, a covered entity, have a website that provides information about your covered service or benefits, your notice of privacy practices must be prominently posted on the website, with a link to download the notice. If a complaint is made against you regarding a potential breach of HIPAA, one of the first things an investigator will do is look at your website, so it is very important to make sure the notice is conspicuous.