Modern communications capabilities open up a world of possibilities for all types of medical practices to develop deeper connections with their patients and to manage health care remotely. The HIPAA Privacy Rule gives patients the right to obtain copies of their medical records, treatments and protected health information or PHI. These requirements go further if medical providers want to receive reimbursement from Medicare and Medicaid -- patients must be able to access their records online, download copies and transmit the information to third-party providers. Most medical practices are finding it necessary to develop patient portals where patients and physicians can interact, share information and perform important functions such as practices billing patients and accepting payments online. HIPAA's rules require that these patient portals have strong security and privacy protections to prevent unauthorized access of these confidential PHI records.

Electronic portals create even more complex regulatory, performance and legal challenges than the common HIPAA guidelines that apply to any covered entity that deals routinely with PHIs. Health care providers often struggle to meet Medicare's and Medicaid's "meaningful use" requirements that health providers can only be reimbursed if they engage their patients interactively and electronically while providing security protection and preventing unauthorized access. In cases where information is compromised, the breaches must be closed and patients must be informed about the breaches. Fulfilling these privacy, security and administrative responsibilities creates many development costs and challenges that include the fact that many patients haven't fully adopted accessing their records digitally. However, the drivers and benefits for HIPAA compliant patient portal development -- when compared with the alternative -- mandate that medical practices adopt this technology as quickly as practical.

HIPAA Compliant Patient Portal Development


Patient Portal Development Outlook and Statistics

Patient portals streamline workflow, free staff members from routine clerical work, reduce operating costs and strengthen patient loyalty to their health care providers. Although some patients have been reluctant to use patient portals, statistics show that patients want the ability to access their records online.[1] IT vendor AthenaHealth conducted comprehensive studies of patient portal use based on 3,500 medical groups and 7.5 million patients. The insights that this research provided include:

  • Patient portal adoption increases patient payments and reduces the amounts that health providers send to collections.
  • Athena's network of providers discovered that patients' use of the portals increased by 20 percent or more in just one year.
  • Retention rates for patients that use patient portals increased to 80 percent from an average of 67 percent for nonusers.
  • Older people surprisingly use these portals almost as often as the younger generations.


Portal Development Challenges for Health Care Practices

The challenges of implementing HIPAA compliant patient portals depend on a provider's IT infrastructure and its operating system's complexity and interoperability. There are also the legal and regulatory requirements that include meeting mandatory HIPAA guidelines and voluntary best practices. The challenges of HIPAA compliant portal development include:


Managing Identity and Access

Managing identify and access to patient portals is an ongoing process that requires multiple verifications during enrollment and each time the portal is accessed. The portals need to evaluate risks without requiring lengthy sign-ups or identity confirmations that discourage portal use. Intelligent portals use combined device intelligence, passwords and special questions if needed when patients access their records on unknown devices. Surveys show that 93 percent of adult Americans feel that it's important to control who gets information about them, but 93 percent also want to share information with trusted people and organizations.[2] Strong identity and access controls make it easy to verify each authorized portal use without burdening patients with long, complex verifications.


Satisfying Diverse Stakeholders

Developing an effective portal doesn't just involve patients but a wide cross-section of stakeholders. These include the practice's senior leadership, patient advocates in the community, risk management stakeholders like insurers and legal counsel, physicians and clinicians and marketing staffs and health information management professionals who need to sell the benefits of using the patient portal to patients, caregivers and even some staff members who might hesitate to interact with patients electronically. Patient portals enhance communications, and sounding out these stakeholders is essential for developing an effective portal because each will be using the technology at ever-increasing rates.


Determining Portal Features and Capabilities

Each medical practice has its own unique average patient profile, medical specialties, budgetary limitations, percentage of Medicare/Medicaid patients and business structure. Many practices refer patients to in-house or outside partners exclusively, but all medical corporations must share information with other providers when it's requested by patients. Designing a patient portal depends on the practice's goals, mandatory requirements, patient demographics and services while sharing information among authorized users and business associates at different levels of access. Common challenges of portal design include:

  • Determining who generates and uses the information
  • Identifying the administrative tasks that can be performed such as scheduling and canceling appointments, updating health or billing information, allowing patients to register for surgical procedures and providing answers to questions and customer service
  • Meeting mandatory or voluntary regulatory incentive requirements
  • Deciding who gets access, which include caregivers, proxies, external vendors and authorized family members
  • Implementing procedures for denying access to authorized users or patients whom their doctors determine might use the information to harm themselves
  • Enabling patients to download and complete forms
  • Checking benefits and coverage of health plans
  • Exchanging secure, encrypted emails between patients and staff members
  • Allowing patients access to educational resources, discharge summaries, aftercare instructions, medications, lab results and other information


Satisfying Local, State and Federal Compliance Issues

Patient portals generate many associated mandatory and compliance issues. Practices must consider their business associates and chain-of-trust issues that arise when sending information by electronic transmission. Medical companies deal with insurance companies, Internet service providers, labs, pharmacies, billing and coding services, hospitals and other practices across different medical-related specialties. Each of these relationships generates a window of vulnerability that requires using a secure server, password and encryption/decryption algorithms to satisfy privacy and security regulations. Practices need to know their business partners and secure business associate agreements before sharing patient information through patient portals.


Management Strategies to Optimize Patient Portal Use

The benefits of patient portals increase exponentially with each patient who uses one, so encouraging patients and their families to use the portals can strengthen the cost-value and time-saving advantages of the technology. Surveys show that medical practices can optimize portal use by engaging Millennials and Baby Boomers to meet Stage 2 Medicare/Medicaid requirements, but these campaigns can work effectively for all patients.[3] Business concerns necessarily impact each medical practice, but decision-makers can enhance the benefits of adopting patient portals with strong campaigns to encourage patient use. Best practices for optimizing patient use include:

  • Providing flexible options for users to customize how they use the portals
  • Launching a promotional campaign that advances the benefits of getting 24-hour access to critical information
  • Enlisting families and caregivers to encourage patients to register and use the technology
  • Promoting a team effort in the office that encourages every staff member to extol the virtues of using patient portals
  • Encouraging physicians and clinicians to post information promptly and to respond to patient messages during evenings and weekends
  • Displaying signs and posters in the office and including simplified registration instructions on patient summaries
  • Marketing portals at each patient touchpoint
  • Appointing a health information manager to guide the promotional process


How Clarity Can Help

Clarity specializes in creating custom software solutions that are HIPAA compliant. Our team of engineers can help medical practices develop patient portals that are secure but highly functional for patients, medical practices and physicians. Busy medical staffs can spend less time on the phone and more time treating patients, which increases patient satisfaction and enhances productivity. Your medical practice can customize the patient portal based on many factors such as average patient age, familiarity with digital technology, need for proxy access for caregivers or spouses and other criteria. Call or contact Clarity today to see how we can meet the challenges of HIPAA compliant patient portal development while securing all its potential benefits for your medical practice.

References:
[1] Healthcare-informatics.com: The Business Case for Increasing Patient Portal Adoption www.healthcare-informatics.com
[2] Pew Research Center: Americans’ Attitudes About Privacy, Security and Surveillance www.pewinternet.org
[3] Hitconsultant.net: 64% of Americans Do Not Use Online Patient Portals hitconsultant.net


Please click below to contact Clarity with any questions about HIPAA development or for a free consultation.