Protecting Your Patients' Info Online: FAQ's Of What HIPAA Mandates

by from Medelita | Tuesday, Sep 13, 2016

Asking patients to fill out online patient forms, including patient registration forms and intake forms, may not seem like a big deal. In reality, any form of online health information, even information that may seem insignificant, falls under the guidelines and requirements of the HIPAA Security Rule. As a result, you need to understand what the rule actually says and the consequences of violating it.

What’s the HIPAA Security Rule?

The HIPAA Security Rule is an expansion of pre-existing guidelines and requirements for HIPAA compliance of protected health information (PHI), explains HealthIT.gov. But, how do you share with other providers without violating the Security Rule? The answer lies in security.

Is Sharing of PHI Electronically Acceptable?

Sharing PHI is acceptable and often necessary in providing the best care possible. For example, underwriters may require the submission of dental insurance verification forms electronically. However, you cannot simply rely on unsecured connections or basic email servers to complete this process.

Instead, any information sharing should only take place through a secured electronic environment, adhering to the “5 Pillars of Cybersecurity Excellence.” In addition, you must inform patients about your intent to share their information in most cases. There are a few exceptions, such as disclosure to public health authorities or under court subpoena.

What Can Violating the Security Rule Cost?

If the breach of the Security Rule is unintentional, the fines can range from $100 to $50,000 in summation. However, cases involving willful neglect or breaches not corrected within an acceptable time frame can result in a max fine of $50,000 per violation. Some health care organizations have even been assessed millions of dollars, so taking preventative action by securing all PHI transmissions is critical.

There may be penalties assessed against health care organizations, including dental practices, that participate in Medicare or Medicaid and fail to enact security standards for the use of electronic health records (EHRs). Yet the total cost of setting up and maintaining PHI sharing in a secured setting through a known provider could be significantly less than the cost of a single violation. Ultimately, you have to determine if your dental or medical office could survive a $1,000,000+ fine due to your failure to maintain all PHI within acceptable standards of the Security Rule.

Like dental work, an ounce of prevention is worth a pound of damage control in maintaining the security of your patients’ information online. To learn more about how Practice Sense can help you maintain these standards, schedule your Practice Sense demo online.


Khalil Kanbar joined PracticeSense in 2016 and brings a wealth of knowledge in marketing and all things Ramen. Khalil stays up to date on best practices in marketing to ensure everything he does is current and effective. He played rugby at UCSD as a hook and takes that discipline, focus and teamwork from the field to his work.


Aptly named, Enclothed Cognition is the official Medelita blog for medical professionals interested in topics relevant to a discerning and inquisitive audience. Medelita was founded by a licensed clinician who felt strongly about the connection between focus, poise and appearance.