The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. To ensure compliance with the security provisions, Proactiv Wellness Centers, PLC (PWC) elected to acquire and implement a HIPAA-complaint Electronic Medical Records (EMR) system in April, 2006. This system, when fully implemented, allows us to be 100% paperless. In being HIPAA compliant, the EMR provider has implemented rigorous security standards that include biometric-enabled entry to the facility, secure processing over SSL (Secure Socket Layer – same as ecommerce transactions) and other physical and electronic protections.
The privacy provisions of HIPAA apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses. This part of the provisions provides requirements for how we can and can not use the information that is in your health record, and gives you certain rights to limit disclosures in certain situations. The privacy provisions also require that we notify you of our specific privacy policies. Click this link to access our current Notice of Privacy Practices. Notwithstanding the HIPAA requirements, we take security and privacy very seriously and take every effort to safeguard your personal health information and the financial information that you trust us with when making payments.
Using email safely
Due to HIPAA and our concerns about privacy and data security, we are concerned about the use of standard email for sensitive information, called “protected health information” (PHI) in the HIPAA provisions. For that reason, we have required that patients fax their credit card authorization forms and health history forms to us. Regarding standard email, while it is generally considered a reasonably secure method of communication, it is pretty broadly known that standard email is not totally secure from end to end, and as such, the information could be intercepted or tampered with. But just like financial transactions over the internet can be protected by encrypting the transaction and providing secure transportation of the transaction over SSL, email can be secured in the same way. In fact, we have contracted with a provider to do exactly that and are now pleased to offer free secure email to our patients. We will always use it for outgoing email that contains PHI or personal financial information. For example, the invoices that we provide will only be provided through secure email going foward since they contain PHI and personal identifying information including your social security number.
It is up to you to use your judgment for sending email to us. If it does not contain sensitive information, you can continue to use standard email or if in doubt, you can use our new secure portal to send secure email to us. When a secure email is initiated by us, you will receive a notice in your registered email inbox that simply indicates that you have received a secure email message from us. This email provides a link to the secure “escrow” portal that allows you to access the message. To access a secure message you will need two pieces of authentication. First, you will need the “key” that is included in the email. The easiest thing to do is to use copy and paste to get it from your inbox paste it to the secure portal. In addition to the “key” you need a secret word from us. The secret word was previously provided and can be obtained by contacting our Privacy Official at (703) 822-5003 Ext 4. Enter the secret word when prompted in addition to the key and you will be able to access the secure email. In addition to retrieving messages, you can reply to any messages that we have sent from this portal.
If you want to initiate a secure email to us, go to http://www.proactivesecureportal.com and register yourself for secure email sending using our secure send portal. To send from the secure send portal, you must use our new secure email addresses. For Dr. Lawson, the email address is firstname.lastname@example.org and for our Business Administrator and Privacy Official, Andre Etherly, the email address is email@example.com. From the secure send portal, it will only accept one of these email addresses so it is not possible to send it to the wrong place. Thus, whether you reply to one of our secure emails to you or initiate your own from the secure send portal, your message is encrypted and sent securely over SSL to our inbox. Of course, you can use the secure send portal to send credit card authorization forms for tests, maintenance programs and other services in addition to other PHI.
Notice of Privacy Practices
Acknowledgement of Receipt of Notice of Privacy Practices
Privacy – FAQ