
May 22, 2018
The Challenge of Creating Secure Patient Portals

Patient portals are changing the way patients think about and access health care. Along with messaging their physicians, patients can now use portals to schedule appointments, access lab results, fill prescriptions, view their health records, update their demographic information, access discharge and medication instructions, and pay their bills. In some cases, they can even video chat with their providers.

The potential advantages should be increasingly clear to physicians, too. Portals can promote patient engagement and allow caregivers to use analytics to measure how well patients are progressing or whether they need to initiate interventions or adjust care plans. And portals can be used to encourage patients to handle routine inquiries on their own, thus freeing up more time to devote to patient care.

Breaches happen

But along with their many advantages, portals present some challenges, chief among them security and Health Insurance Portability and Accountability Act (HIPAA) compliance. Safety concerns are warranted, of course, considering the frightening number of attacks that hackers have been waging against healthcare institutions. If you’re thinking of using patient portals, you need to take all reasonable steps to keep data safe, and you need to make sure you comply with the meaningful use criteria of the Centers for Medicare and Medicaid Services (CMS) Electronic Health Records (EHR) incentive program.

A recent breach illustrates the kind of mistake that’s too easy to make. An IT consultant discovered that, through a healthcare services company portal, he could access not only his own test results but also the test results and personal health information of other patients. All he had to do was change one digit in the URL, because the records had been set up sequentially with no encryption. Fortunately, he wasn’t out to exploit the flaw, and he made sure the company was alerted.
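The flaw in that incident, reduced to a minimal record store, beside a lookup that decides access from the logged-in session. This is an added example, not code from the company involved; `ResultStore`, the logins and the results are all hypothetical.

```python
import secrets

class AccessDenied(Exception): pass

class ResultStore:
    def __init__(self):
        self._records = {}     # record_id -> {"owner": login, "body": text}
        self._delegates = {}   # owner -> logins that patient chose to authorize

    def add_sequential(self, owner, body):
        """Flawed scheme from the incident: consecutive integer IDs."""
        record_id = str(1001 + len(self._records))
        self._records[record_id] = {"owner": owner, "body": body}
        return record_id

    def add_opaque(self, owner, body):
        """Random 128-bit ID: a neighbour's ID cannot be derived from your own."""
        record_id = secrets.token_urlsafe(16)
        self._records[record_id] = {"owner": owner, "body": body}
        return record_id

    def grant(self, owner, login):
        self._delegates.setdefault(owner, set()).add(login)

    def read_unchecked(self, session_login, record_id):
        """Flawed handler: trusts the ID in the URL, ignores who is asking."""
        record = self._records.get(record_id)
        return record["body"] if record else None

    def read(self, session_login, record_id):
        """Hardened handler: access is decided from the authenticated session."""
        record = self._records.get(record_id)
        owner = record["owner"] if record else None
        allowed = {owner} | self._delegates.get(owner, set())
        if record is None or session_login not in allowed:
            # One error for "missing" and "not yours": replies reveal no valid IDs.
            raise AccessDenied("record not available")
        return record["body"]

def demo():
    store = ResultStore()  # constructed patients and results
    mine = store.add_sequential("alice", "alice: lipid panel")
    theirs = store.add_sequential("bob", "bob: biopsy result")
    leaked = store.read_unchecked("alice", str(int(mine) + 1))
    try:
        store.read("alice", theirs)
    except AccessDenied:
        return leaked, True
    return leaked, False
```

Opaque identifiers only make guessing harder; the ownership check in `read` is what stops one patient from reading another's results.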

What’s required

The CMS EHR incentive program mandates six meaningful use criteria related to patient portal functionality:

  • A clinical summary to the patient after each visit
  • Secure messaging (SM) between patient and provider
  • Ability to view, download, and transmit personal health record data
  • Patient-specific education
  • Patient reminders for preventative services
  • Medication reconciliation

Additionally, HIPAA requires providers to protect all information maintained in, or available through, patient portals. But just as HIPAA regulations don’t prevent patients from providing access to friends or family to written personal information, regulations don’t prevent patients from granting portal access to others of their choosing. HIPAA does, however, require providers to establish safeguards to prevent unauthorized access to patient information.

That usually means, among other things, providing a password. The best way to prevent vulnerability, say experts, is to give the patient the password in person, minimizing the possibility that unintended recipients will gain access to it via email or other means.

How complex should the password be? Complex enough that providers can be shown to have taken reasonable care to guard against unauthorized access, but not so complex that users have trouble accessing their records, say experts. Ultra-complex protocols requiring multiple layers or character sets may create the impression that providers are trying to deny patients access to their records.

Safer and stronger

Here are some other suggested steps to ensure that your portals are secure:

  • Encrypt the information. Encryption makes information unreadable to anyone who does not hold the key, making it useless to hackers or unauthorized users.
  • Implement a need-to-know approach to limit access to information. Employees should have different levels of access, depending on what kinds of information they need to do their work.
  • Consider using two-factor authentication. For example, require patients to type in security codes sent to their mobile phones to be able to log in to the portal.
  • Have strong audit logs. Logs should show what information was accessed, along with details on destination and source addresses, a timestamp, and user login information.
  • Train staff to explain to patients what they can do to keep their health data secure.
  • If you accept online payments through a portal, make sure it complies with the Payment Card Industry Data Security Standard (PCI DSS).
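
One way to put such audit logs to work, as an added example rather than anything from a particular portal product: entries carrying the fields listed above are scanned for a login that requests many different records in a short time, the pattern left by someone stepping through record IDs. The JSON field names, thresholds and log lines are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit entries (documentation-range addresses) with the fields
# named above: timestamp, login, source, destination, record accessed.
SAMPLE_LOG = """\
{"ts":"2018-05-22T09:00:01","login":"alice","src":"203.0.113.7","dst":"10.0.0.5","record":"1001","outcome":"ok"}
{"ts":"2018-05-22T09:02:30","login":"carol","src":"203.0.113.9","dst":"10.0.0.5","record":"1001","outcome":"ok"}
{"ts":"2018-05-22T09:05:00","login":"dave","src":"198.51.100.4","dst":"10.0.0.5","record":"1002","outcome":"ok"}
{"ts":"2018-05-22T09:05:01","login":"dave","src":"198.51.100.4","dst":"10.0.0.5","record":"1003","outcome":"denied"}
{"ts":"2018-05-22T09:05:02","login":"dave","src":"198.51.100.4","dst":"10.0.0.5","record":"1004","outcome":"denied"}
{"ts":"2018-05-22T09:05:03","login":"dave","src":"198.51.100.4","dst":"10.0.0.5","record":"1005","outcome":"denied"}
{"ts":"2018-05-22T09:05:04","login":"dave","src":"198.51.100.4","dst":"10.0.0.5","record":"1006","outcome":"denied"}
{"ts":"2018-05-22T09:10:00","login":"alice","src":"203.0.113.7","dst":"10.0.0.5","record":"1001","outcome":"ok"}
"""

def parse(text):
    """Yield one dict per non-empty JSON line, with ts as a datetime."""
    for line in text.splitlines():
        if line.strip():
            entry = json.loads(line)
            entry["ts"] = datetime.fromisoformat(entry["ts"])
            yield entry

def flag_enumeration(entries, max_distinct=3, window=timedelta(minutes=1)):
    """Return {login: record IDs} for logins that requested more than
    max_distinct different records inside any single window."""
    recent = defaultdict(list)  # login -> [(ts, record)] still inside the window
    flagged = defaultdict(set)
    for entry in sorted(entries, key=lambda e: e["ts"]):
        hits = recent[entry["login"]]
        hits.append((entry["ts"], entry["record"]))
        while entry["ts"] - hits[0][0] > window:
            hits.pop(0)  # expire requests older than the window
        distinct = {record for _, record in hits}
        if len(distinct) > max_distinct:  # denied attempts count too
            flagged[entry["login"]] |= distinct
    return {login: sorted(records) for login, records in flagged.items()}
```

Logging denied requests as well as successful ones matters here: once the portal enforces ownership, the denials are the only trace that someone is probing record IDs.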

Moving forward

There’s no doubt that with every day that goes by, more and more patients expect to be able to communicate online and through chat. LifeLink’s chatbot platform is designed to supplement the utility of patient portals and accelerate the successful transition to value-based care by providing smart, personalized, on-demand conversations that span the full patient experience.

Chatbots connect with patients and their families, send appointment reminders, answer concerns, and ultimately help deliver care that surpasses expectations. They deepen patient engagement, improve the experience of care, and ultimately increase patient loyalty.

By pairing LifeLink with CareThrough’s highly skilled navigators, you can provide the highest level of care support and free your care teams to always work top-of-license.
