Many healthcare providers are starting to make the move online. That is really not surprising because the move, like every other industry, appears inevitable. Here's a recent example from EMR Daily News (which BTW, is an excellent blog and one that you should be reading).
Providers that were once tepid about the move online are now going to be in a hurry to get there, since they will see the advantages that more nimble colleagues are obtaining, like the small matter of getting paid their EHR incentives.
As this last link notes however, many providers are unaware of the legal compliance issues that they may face as they go online. Here's the money quote from the link:
"That brings me to the point of this post, something that very few healthcare providers are aware of: section 164.520(c)(3) of HIPAA's Privacy Rule states as follows (paraphrasing):
Specific requirements for electronic notice. A covered entity (CE) that maintains a website must make the notice prominently available on its website. A CE may provide notice via email if the individual has agreed to such notice and other requirements of this section are met."
The reference above is to a provider's HIPAA Privacy Notice and is NOT a reference to the typical privacy policies found on most websites. Of course a provider could place it there, but then the issue becomes whether or not the "prominently available" requirement has been met?
But there is more to the legal compliance story for providers than meeting the HIPAA requirements. Providers also need to be in compliance with all other applicable law that is pertinent to running an online business. For example, if a provider's site has a blog with open comments and the ability to attach user generated content (UGC), then a provider must comply with the Digital Millennium Copyright Act (DMCA) if they want to take advantage of its safe harbor.
The DMCA is the tip of the iceberg, depending on the type of site a provider launches. Providers and facilities are encouraged to read "Why Audit Your Website?" to get a better understanding of online legal issues. These legal issues, in some cases, apply "across the board" and are not industry specific.
Looking for a best of breed HIPAA Compliance Software?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAA experience?