Part of the HITECH Act's "meaningful use" criteria requires providers to engage with patients and families. Clearly regulators anticipate that this engagement will take place online via some kind of Web 2.0 patient portal/website. That helps answer the now rhetorical question of "why would a provider want an Internet presence?"
Prior to the HITECH Act that question would likely have been answered as follows:
One answer is that more and more patients expect it and are seeking access to more information about their health conditions online. Another reason is that in the new healthcare universe (Health 2.0) providers will need to compete fiercely for patients by differentiating themselves from the competition. A high quality online presence is likely to become, sooner rather than later, a matter of economic survival. First movers will have an advantage in their respective geographies.
Now the value proposition under HITECH is much more direct. Providers need to develop an Internet presence because they want to get paid their EHR incentives.
That brings me to the point of this post, something that very few healthcare providers are aware of: section 164.520(c)(3) of HIPAA's Privacy Rule states as follows (paraphrasing):
Specific requirements for electronic notice. A covered entity (CE) that maintains a website must make the notice prominently available on its website. A CE may provide notice via email if the individual has agreed to such notice and other requirements of this section are met.
This is not your daddy's heathcare industry anymore. Welcome to HITECH.
Looking for a best of breed HIPAA Compliance Tracking System?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store.