When you interact with patients online, either through unstructured mechanisms (like email), or
through more formalized services, like PatientWire E-Commerce or PatientWire Mass E-Mail, you need to take into consideration compliance with HIPAA
You should formally consent your patients before you allow online communications of any sort. This provides you with some measure of protection in
case of problems down the road.
It is convenient to combine an consent form for online communication with your office intake forms. This consent form should describe your method
of interaction online (ie, email, e-commerce, etc.), and risks that may arise from communicating online.
The form should also make reference to your
Remember that it is your responsibility to comply with the HIPAA guidelines with respect to patient privacy. And unfortunately, ignorance of
is not a defense if you're found in violation. If you don't have the stomach to handle the details of HIPAA yourself, make sure that the vendor of any
software that you use handles it for you. (Ask them explicitly about HIPAA compliance.)
I've uploaded a sample intake form that you can modify and use in your own practice. Having such a form will allow you to start collecting patient
It's best to include this form with the other stack of papers that you make the patient fill out when they arrive at the office. It lets them get
over with up-front, and allows you to have a consistent procedure for collecting email addresses.
Having this consent form sorted out will go a long way to preventing any misunderstanding between you and the patients that you
Adam W. Farkas, MD, MBA