Part 2 of 2 - Click Here for Part 1
Security is a top concern with patient portals. Providers grant patients access with a secure username and password. It is important to choose a patient portal vendor that provides a system which allows the practice to be HIPAA compliant. The provider should establish procedures which are structured for optimal security.
An important security feature is how the patient establishes access. For example:
- A patient visits the physician's office and signs a Patient Portal Access/Authorization Form and is given a one-time use activation code or
- A patient activates the portal account by logging into the portal and creating a username and password
Terms and Conditions, Access Form, Disclaimers, or Authorization Forms
Our research indicates that these terms are used interchangeably and denote a written document wherein the practice delineates the policies and procedures governing the use of its patient portal. Each practice should draft its own set of guidelines, but all forms should inform patients that the portal should not be used for urgent and/or emergent matters. Your forms should also include information about the following:
- Explanation of and guidelines for use of the patient portal
- Response time
- General guidelines for communication
- Portal eligibility
- Privacy and security
- Liability disclaimer
- How to get started
Remember, only established patients should be able to access the practice’s patient portal. Your EHR vendor should have sample forms which include the above information.
This information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.