Simple Compliance Steps for Email and Texting to Save Providers from Serious, Widespread HIPAA Violations

Overview: The HIPAA Rules and HHS/OCR guidance provide a simple, easy to use 3 Step Safe Overview: The HIPAA Rules and HHS/OCR guidance provide a simple, easy to use 3 Step Safe 
Harbor for using unencrypted email and text messaging to engage patients. This session will 
explain the 3 Step HIPAA Safe Harbor. The secret is - HIPAA Rules are easy to follow, step-by-
step - when you know the steps.
Why should you Attend: Patient Engagement is a cornerstone of effective patient care. 
Communication technology offers indispensable patient engagement tools. Secure patient portals 
are available. So are encrypted text message and email products. But patients overwhelmingly 
choose non-secure communication tools like text messaging and email. 
Appointment reminders, healthcare instructions, patient satisfaction surveys, health and wellness 
newsletters and recall reminders are just a few patient engagement tools sent electronically by 
regular (unencrypted) email and text messaging. 
The HIPAA Rules for sending Protected Health Information (PHI) by unencrypted electronic 
transmission are clear - and new. The first became effective with the HIPAA Omnibus Rule 
(September, 2013). Further, important guidance was published by the U. S. Department of Health 
and Human Services in 2014 and 2016. 
There is a simple 3 step HIPAA "safe harbor" that frees Covered Entities and Business Associates 
from any responsibility or liability for unauthorized access to Protected Health Information 
(PHI) in unencrypted emails and text messages during transmission and after receipt by the 
patient.
There are widespread violations of the HIPAA Rules for communicating with patients by unencrypted 
email and text message - largely because Providers and Business Associates just don't know the 
rules - and don't understand what PHI really is - as defined by HIPAA. 
Areas Covered in the Session:
A clear explanation of the simple 3 Step HIPAA Safe Harbor that protects Covered Entities and 
Business Associates acting on their behalf from liability related to Patient Engagement by 
unencrypted email and text messagingWhat makes an email or text message subject to HIPAA lawA clear explanation of how HIPAA defines PHI - it's not just information about, for example, a 
diagnosis, disease, surgery or prescribed treatmentHow a 2015 Federal Communications Commission Order about health care text messages added to 
confusion and what it really means - the 3 Step HIPAA Safe Harbor is the only text message Safe 
Harbor for Covered Entities and Business AssociatesThe interconnected liability of Covered Entities and Business Associates that provide unencrypted 
electronic patient engagement services like appointment reminders - and both can protect 
themselves
Who Will Benefit:Hospital TrusteesC-Suite ExecutivesHIPAA Compliance OfficialHIPAA Privacy OfficerHIPAA Security OfficerHealth Information Technology SupervisorPractice ManagerRisk ManagerDentistOptometristChiropractorPhysical TherapistPodiatrist