Summer 2021’s Trending Data Privacy Pitfalls—Roots of Wisdom

Winthrop & Weinstine, P.A.

As we enter the last half of summer and the temperatures start to give us some reprieve from the heat (hopefully), there is no better time than now to review your data privacy practices. Over the past few months, we have seen a startling trend with many of our clients’ security and privacy measures as it relates to protected health information (“PHI”). So that you can avoid similar mistakes, below please find two examples of privacy pitfalls that we have recently come across:

  1. Personal Cell Phone Use. We have discovered a number of clients who use their personal cell phones to take treatment-related photos or to communicate with patients by text regarding their treatment or clinical needs. We cannot stress this enough, if you are taking treatment-related photos or communicating with patients in writing on your personal cell phone, stop immediately. This has the potential to expose you and your personal phone to potential headaches down the road on multiple fronts. First, if any type of litigation ever ensues relating to a patient with whom you communicated in writing from your personal phone, the data on your phone could be discoverable by the opposing party or subject to subpoena by a third party. Second, written communications with patients regarding treatment and treatment-related patient photos are almost always PHI, and thus must be securely stored. Your personal phone is not a secure method of storing PHI as required by applicable data privacy regulations, especially if others may have access to it. If your phone is lost, stolen or hacked, any PHI on the device could be exposed, which may trigger breach notification requirements to affected patients and government regulators. Third, and importantly, patient communications and photos must be kept in the patient’s record. Failure to transfer them (which few do) could result in allegations of deficient recordkeeping.If you are using your personal phone as indicated above, let us talk you through safer methods for communicating with patients moving forward, to ensure that your personal data is protected and your patient records are complete.
  1. Notice of Privacy Practices. Included within the many requirements of the Health Insurance Portability and Accountability Act (“HIPAA”), as amended, is the obligation to make your Notice of Privacy Practices (“Notice”) available to your patients. As you may already know, the Notice must advise patients on how you use and share their PHI. What you may not know is where and how the Notice must be posted and made available to your patients. Below is a high-level summary of the Notice’s posting requirements, which we are happy to help you develop and implement:
    • You must post the Notice in a clear and prominent location at the office.
    • You must have copies of the Notice available upon a patient’s request.
    • You must prominently post the Notice on your web site and make it available electronically through the web site.
    • For new patients, you must provide a copy of the Notice (hard copy or electronic) and obtain an acknowledgment of receipt no later than the date of the first service delivery.

Getting up to speed with these trending data privacy pitfalls can help you avoid sweating over how your PHI is handled, even if the heat does not relent.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Winthrop & Weinstine, P.A. | Attorney Advertising

Written by:

Winthrop & Weinstine, P.A.

Winthrop & Weinstine, P.A. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.