Page 28 - Part 2 Navigating Electronic Media in a Healthcare Setting
P. 28
SVMIC Navigating Electronic Media in a Healthcare Setting
family member, that the other person can access the patient’s PHI.
This conversation should take place at the outset, and the patient
should sign a form acknowledging that he or she has been so
informed.
The Person or Entity Authentication standard of the HIPAA
Security Rule requires that the covered entities and business
associates implement “reasonable and appropriate” authentication
procedures to verify that a person or entity seeking access to
electronic health information is the one claimed. Since the Security
Rule applies, the patient portal must be included in the practice’s
required Security Risk Analysis. As with other forms of internet-
based electronic communication, the portal can be the target of
cybercrime, and through the Security Risk Analysis, the practice
must establish administrative, physical and technical safeguards to
protect the ePHI.
The primary negative aspect of portals is that some patients either
cannot or will not use them. This could be because of many
reasons:
They feel intimidated by the technology.
They do not have access to a computer.
They simply have no interest in taking advantage of the
system.
Many elderly patients do not use portals. Also, most portals are
only English-language based, and for patients whose primary
language is not English, this can create a barrier. The practice
must identify the patients who do not use the portal and, at each
interaction, encourage them to use it by explaining the benefits
and how it allows the patient to be better informed and more
Page | 28
