Don't Blame Communication Restrictions on HIPAA

When all else fails, blame it on HIPAA. Poor HIPAA really bears the burden of so much false blame. Here are just a few reasons my team and I are frequently told "it's HIPAA's fault," even though these are really false accusations.

1. We can't market our practice on social media, because of HIPAA.

This statement or similar ones have been presented in many of our educational presentations regarding the importance of a social media presence for medical practices. I hate to break it to you, but HIPAA has not a single thing to do with your social media presence.

Not. A. Single. Thing. And if you are worried about your staff or you accidently posting protected health information (PHI) then you are right, you have no business managing your own social media program. But that does not change the importance of having a presence online for the success of your practice.

2. We can't allow a guest Wi-Fi in our office because of HIPAA.

This statement often comes up when we are discussing the amenities that practices should have for their ideal patients. Especially in practices that have significant wait times either in the waiting area or in the exam rooms.

I understand that it is not a good idea to allow guests/patients to access the dedicated Wi-Fi for your practice; potentially giving them access to your EHR or patient data. However, having a secure guest Wi-Fi that is separate from the practice's Wi-Fi is a great idea - it is a very safe and not too expensive option. It can also be used for staff that need Wi-Fi for their personal devices.

3. We must keep this frosted-glass partition at our reception counter in place and closed at all times to ensure HIPAA compliance is met.

This statement comes up when we work with clients to make their waiting room more hospitable to their patients. I can understand the "desire" to keep the old frosted-glass partitions. However, while it is not HIPAA mandated, it probably was HIPAA's fault for scaring everyone into believing they needed it. My suggestion is to keep it open as much as possible to be able to provide the best customer service.

4. We can't e-mail patients because of HIPAA.

Errr, you can. HIPAA does not prevent physicians from using any form of communication, including e-mail, to communicate with patients or other physicians regarding treatment recommendations. So long as you take "reasonable and appropriate safeguards" to ensure that the communication is protected (e.g. using encryption or a patient portal), you will be within the law.

HIPAA is there for the protection of patients, not the hindrance of growing practices, communicating with patients, good customer service, or providing amenities to patients.