The other day a question came up on what extra due diligence do we need to do as we adhere to HIPAA compliance requirements. My first thought was that, of course, we do comply by embracing that extra due diligence in everything we deliver.
But of course, the devil is in the details. Those details get a little thorny when you create good front-end experiences without crossing the line and sharing any information.
Let me discuss three examples of how you can create a better consumer experience while still taking HIPAA into account:
- Register for a patient portal
- Patient Registration with an online form
- Personalization on a site
Registering on a Patient Portal
Many hospitals commonly require physical signatures and ID before giving access to your patient portal. Technically, this meets all the demands of HIPAA and ensures your privacy. But it requires a lot of extra time just to get access to something most patients won’t access all that frequently. You can set up a process like this, but consider other options.
Other industries commonly use information about you to help with self-verification. What if you could:
- Start registration with your name, MRN, and a couple of other pieces of information
- Go through a process where you answer very specific questions like, “Where you got your first loan?” or “What car did you buy in 1999?”
- Finish with some additional email verification
This type of an approach makes it possible to let patients register for the portal without a physical signature or a trip to hospital. It ensures it’s you because you have key pieces of information known only to you. It ensures your patients don’t start with a bad experience in the digital world they share with you.
Of course, any process like this must be vetted with your compliance organization and with legal. We found that a combination of those two helps to get past issues where one group may only focus on the perceived issues and not on how to adhere to the law and give a better experience.
We’ve all been there. You fill out a pre-registration form and it goes through seven different screens. 98% of that information already exists somewhere in that clinic or hospital records, but you get to do it all over again.
It’s as if they don’t know you despite having access to that very information. It is possible to solve this frustration, but you must be careful. You want to use this data to pre-populate a form, but you must do this in a safe and effective manner.
Here are some thoughts:
- If you have a custom portal, don’t store PHI on that portal. Make real-time calls to more secure back-end systems to get that information
- Don’t key information like social security number in the open. You can partially mask it and have a user confirm that the last four digits are correct
- Verify that the information you “need” is truly what you need and not too much
- Have two versions of forms: One longer form for new patients and one shorter for existing patients. Once they login, you can give them a better experience.
- Use these types of events to suggest that now is a great time to sign up for the portal.
Remember that you can take small steps to create a better digital experience. It just takes thought and effort.
Personalizing the Experience
Regardless of industry, every company or organization wants to create a more personalized experienced. Most find it to be incredibly difficult. Health Care Organizations (HCO’s) find it even more so.
How do you use insights about a patient having high blood pressure to help them learn more about their diagnosis and provide options to proactively address the issue? You shouldn’t just come right out and state it. That’s especially true when they are on a public, non-logged in site.
But you can provide insights.
For example, you can have an area with relevant articles from a health library. If you have online classes or other events, you can make them aware of it without explicitly saying anything.
Finally, if they click on these personalized article or classes, you can also make them aware of excellent clinicians who can treat someone with their condition and why anyone who has it needs to take a first step.
This approach isn’t perfect, but it ensures that if someone is curious enough to come to your site and identify themselves, then you can guide them in the right direction to addressing their health needs.
YOU MAY ALSO ENJOY – Hip On HIPAA: The Secret Sauce to Successful Marketing Campaigns
Struggling to Meld HIPAA Compliance and Great Experiences?
We can help. Reach out, and let’s talk.