What happens if my nurse or myself accidentally send Mr Jones PHI across the portal to Mr Smith ? Will Mr Smith be able to then open up the message and see Mr Jones PHI?
Yes, Mr. Jones could see Mr. Smith's stuff; there's unfortunately nothing we can do to stop this, we're just doing what you told us to. It's the same thing as if you emailed it to the wrong address, or mailed a letter out with the wrong address. However, you can delete items from the portal, though, so if you realize it soon enough, you can remove it before the patient has a chance to see it.
Also just trying to understand why one modality is deemed HIPAA compliant and another not, such as faxing versus emailing. A breech of PHI seems just as easy by faxing to a wrong number as emailing to a wrong address. I've been faxing PHI for years, but never really thought about these issues much till starting AC/Updox recently and now being paperless has definitely opened up new areas of communicating but also new concerns. So bear with my simplistic understanding of this field.
Bert answered this pretty well, just wanted to add in a couple of thoughts. It's not about how easy it is to send something to the wrong location, it's about how easy it is to read in transit. To "read" a fax that you are sending out, a person would have to essentially tap the phone line, this is not trivial. "Reading" email as at is transferred, unencrypted, over the Internet is much simpler; it's available for many companies to read as it passes through their servers. And if you (or more likely your patients) happen to be checking their email at a coffee shop or library or anywhere else there are other people around, it would be fairly easy for anyone there to read their email as well. Not trying to scare you here, just trying to explain the how exactly email can be so insecure.
I have also noticed a portal payment option. Could you expand on what this capability offers.
Sure, I won't too much into the nitty-gritty of getting the initial setup up and running (I'm happy to discuss offline or on another thread). Once you are set up, this allows you to accept credit card payments through the patient portal. Patients can pay you a one-time payment, set up a payment plan (pay $40 a month for 5 months), or even pay for products/services you configured. Our charge is just 20 cents per payment, there's no percentage cut. Payments is one of the areas we're excited about; over time, we'll be adding many more features around this, for example, charging your patients a small fee before they can send you a message or submit a certain form.
If you have more questions about this, let's start another thread so it's easily searchable if someone has the same questions in the future.
