New HIPAA Rules for Email and Text Messages

Duration: 90 Minutes
Instructor: Paul R. Hales
Webinar Id: 801933


One Attendee
Unlimited Attendees ?

This webinar focuses on HIPAA Rules for transmitting informational email and text messages to patients over an electronic communications network.


Regular (unencrypted) Email and Text Messaging are effective engagement and communication tools that patients like and have the right to use.

A simple 3 step HIPAA safeguard fully protects Covered Entities from violating both HIPAA and the TCPA (Telephone Consumer Protection Act) and stymies expensive TCPA class actions. Unfortunately few take advantage of the 3 step safeguard. And the Internet is awash with mis-information that can get Covered Entities into serious trouble.

New HIPAA Rules adopted beginning in 2013 and OCR guidance clearly explain how Covered Entities may communicate with patients by unencrypted Email and Text Messaging. The new HIPAA Rules and a directive from the CMS Center for Clinical Standards and Quality/Survey & Certification Group also clarify when Covered Entities must use encrypted Email and Text Messages to communicate with persons like other Covered Entities who are not patients.

This webinar will explain how Covered Entities can protect themselves from HIPAA and TCPA violations by following the simple 3 step safeguard to communicate with patients using unencrypted Email and Text Messages. It also will cover new HIPAA Rules and the CMS directive to explain when emails and text messages containing PHI must be encrypted.

Why should you Attend: You will find out how to use and document the 3 step safeguard to protect your organization when communicating with patients by regular email and text message. The 3 step "Safe Harbor" will protect your organization from liability for HIPAA and TCPA violations when use regular, unencrypted email or text messaging to communicate with patients. And you will learn when you must encrypt emails and text messages containing protected health information (PHI).

Areas Covered in the Session:

  • An individual's absolute right to receive PHI from Health Care Providers and Health Plans by standard (unencrypted) email and text messages
  • A clear explanation of the simple 3 Step HIPAA safeguard that protects Covered Entities using unencrypted Email and Text Messaging to communicate with patients from HIPAA and TCPA violations
  • A clear explanation of how HIPAA defines PHI - it's not just information about, for example, a diagnosis, disease, surgery or prescribed treatment
  • Understanding the danger - how to recognize when an Email or Text Message really does contain PHI
  • How a 2015 Federal Communications Commission Order about health care Text Messages added to confusion and what it really means
  • The meaningless and dangerous TCPA "Healthcare Informational Text Message Exemption"
  • The interconnected liability of Covered Entities and Business Associates vendors providing unencrypted electronic patient engagement services like appointment reminders - and how both can protect themselves

Who Will Benefit:
  • Health Care Covered Entities
    • Practice Managers - Covered Entities
    • HIPAA Compliance Officials
    • HIPAA Privacy Officers
    • HIPAA Security Officers
    • Patient Engagement Officials
    • Health Information Technology Supervisors
    • Risk Managers - Covered Entities
    • Health Care Providers practicing as individuals or in small groups
    • Group Health Plan Administrators
    • Third Group Party Health Plan Administrators
    • Covered Entity Senior Management and Owners
    • Attorneys for Covered Entities - In-house and Outside Counsel
    • Compliance Committee - Covered Entity Board of Trustees
    • Compliance Committee - Physician, Practitioner-owned Covered Entities
    • C-Suite Executives - all Covered Entities
    • Chief Compliance Officer -all Covered Entities
  • Business Associates
    • Billing and Coding companies
    • Practice Management Companies
    • IT Vendors
    • Data Storage firms (electronic and paper)
    • Secure and unsecure providers of PHI Email and Text Message services
    • Vendors of patient satisfaction surveys
    • Collection Agencies

Speaker Profile
Paul R. Hales, J.D. is widely recognized for his expert knowledge and ability to explain the HIPAA Rules clearly in plain language. Paul is an attorney licensed to practice before the Supreme Court of the United States and a graduate of Columbia University Law School with an international practice in HIPAA privacy and security. He is the author of all content in The HIPAA E-Tool®, an Internet-based, complete HIPAA compliance solution with separate editions for Covered Entities, Business Associates, Health Plans and Third Party Administrators.

You Recently Viewed