Even if you're totally HIPAA compliant and know that your portal is secure, your patients may not be so sure.
Some patients are reluctant to use patient portals because they are concerned about security issues. They hear news reports about stolen medical data and may wonder if their data is at risk when they use your portals. You can reassure them that you, as a covered entity, have met all the federal requirements to protect your patients' health information but if the patients themselves don't take adequate precautions, they could compromise their own data. This would not, of course, be a HIPAA violation, but that doesn't mean you shouldn't be concerned about it. It's just considerate to help your patients use your portal safely, and it is enlightened self-interest as well. Patients who feel comfortable using the portal are more likely to use it. Put yourself on the other side of the computer screen, and give your patients some guidance on how to make the most of your portal.
The first step is to make sure patients are familiar and comfortable with your portal. Ideally, you should designate someone on your staff to train patients to use the portal. "This person needs to be able to answer all the questions that patients have about the portal, including explaining how secure it is, how beneficial it will be for them, and how to create good passwords," said Tammie Olson of Management Resource Group, an Ocean Springs, Miss, firm offering financial management and support services for the healthcare community. "This person also needs to be available to patients if they have any issues with the portal," she added. Beyond choosing good passwords [link to password article?], there are several things patients need to know to help them use your portal safely and effectively. Steven Waldren, physician, director of the AAFP's Alliance for eHealth Innovation, said you should advise patients to make sure their web browsers and operating systems are up to date. Things might seem perfectly smooth on your end, but patients could have trouble-and be more vulnerable to hackers-if their software is not up to the job.
Security on your end doesn't necessarily mean security on the patient's end. "If patients access your portal through the web, they need to make sure that the lock icon is showing in the URL bar, or that the web address begins 'https:'" said Waldren. The lock icon and the 's' on the end of 'http' indicate a secure connection. Patients also need to be careful about what network they use to access the portal. "When patients access your portal from public places, they need to be especially careful," says Waldren. He describes a ruse called "man in the middle" in which you think you are on, say, the coffee shop's network, but a third-party has hijacked your connection and now has access to your information.
You certainly don't want to frighten your patients; just make sure they are cautious, and know how to use your portal safely. By showing your patients that you are concerned with their security in your portals, you'll reassure them that you are on top of data security while at the same time helping them be better team players in their healthcare.