Does HIPAA allow you to remind patients to pick up their prescriptions?

Chains and big boxes send reminders, so it’s ok… right? It depends… read on.

A prescription notice or an appointment reminder is considered Protected Health Information (PHI) if it shares information that can be used to identify the patient such as a phone number or email address. Any information containing ePHI must be properly handled, which includes encrypting messages and properly storing them. Our associates at LuxSci posted a great article which you can read in full here. It sheds some insight on electronically-transmitted pick-up reminders and what information you are permitted to send.

Are we allowed to send these messages?

HIPAA’s Privacy rule permits providers to communicate with patients regarding their healthcare in specific ways. To send notifications in a manner that is not HIPAA-compliant, you must first obtain mutual consent.

How can pharmacies send these messages?

“Just because you are permitted to send message … does not mean that you are free to choose any method of delivery.” – LuxSci

Not all methods of delivery are the same and standard text messages are NOT secure, so how do we send reminders? HIPAA permits patients to consent to receive insecure messages if they have been advised on the risks involved and if a secure alternative is recommended.  This is called “Mutual Consent“. Pharmacies should be sure that a patient indicates in writing that it is OK to send ePHI via insecure email.

Pick-up reminders are excellent way to increase patient adherence and also improve your revenue, but remaining HIPAA-compliant is critical. A secure text solution for communicating with your patients is a very cost effective way to provide patients with the information they need.

Note: This is not intended as legal advice … you should always contact your lawyer for advice on how HIPAA applies specifically to your situation.Storey Marketing’s developers are Certified HIT Security Professionals. When Storey Marketing designs your website, all forms are hosted on our HIPAA-compliant server.

BUILD YOUR BUSINESS IN 2017! Ask us for more information about professional website development and managed hosting.

References:

https://luxsci.com/blog/hipaa-really-permit-reminding-patients-pick-prescriptions.htmlhttps://luxsci.com/blog/can-i-really-email-ephi-insecurely-with-mutual-consent-under-hipaa.htmlhttps://luxsci.com/blog/what-exactly-is-ephi-who-has-to-worry-about-it-where-can-it-be-safely-located.html