Medical and dental practices are feeling an increased pressure to become paperless.
The government is requiring it, patients like the convenience and you, as an administrator, want your office to be more efficient. Today’s practices are foregoing the standard office clipboard in favor of online web forms that are accessible from your website. These forms are used to collect needed medical or dental history, consent and other patient information.
Under HIPAA, however, these online forms need to be compliant as they require the submission, transfer and storage of electronic health information, or ePHI. Here’s a few things you should be mindful of when using online patient forms:
1. Verify the security of the application
To be HIPAA-compliant, a website or secure online form application must ensure that all protected health information include the following:
- Encryption – data is encrypted in transit and at rest
- Authorization – ePHI is only accessible by authorized staff using a unique log-in associated with that staff member
- Audit – proper audited access controls are in place
- Integrity – data is not tampered with or altered
- Disposal – data must be permanently and properly disposed when no longer needed
- Backup – proper backup and recovery options are offered
- BAA – the company who provides the secure service will enter into a Business Associate Agreement with the covered entity – you
2. Think about form accessibility and usability
According to recent study by Pew Internet*, 64% of users in the U.S. will access information from the web over a mobile connection. In fact, 10% of Americans own a smartphone but do not have broadband at home*. Ensuring that your forms are accessible and usable from a mobile device is important.
3. Keep an internal backup
It is important to download and save form submissions and their associated audit trial as a backup. This will allow you to identify form activity for future record keeping should unauthorized access occur. This backup should be saved to a secure location and not be shared with an outside third party or staff member who should not have access.
Practis Forms for HIPAA Form Processing
Practis Forms is a secure, HIPAA compliant hosted form service. Once configured, simply embed your form(s) into your existing website and you’re up and running!
To learn more please visit practisforms.com or to speak with a form specialist at 704-887-5300!
*http://www.pewinternet.org/2015/04/01/us-smartphone-use-in-2015/