How to Reduce Professional Liability Associated with Patient Portals
With good security strategies and accurate documentation providers can prevent HIPAA breaches and unnecessary professional liability claims.
MOS Medical Record Review www.mosmedicalrecordreview.com 8596 E. 101st Street, Suite H Tulsa, OK 74133
(800) 670 2809
Patient portals are expected to be highly effective in increasing patient engagement. They allow users to view their health data, and have the capability of putting the patient at the center of care, and include them in their own care team. One of the greatest advantages of this system is that it allows patient-provider communication via secure messaging capabilities and easy access to care through online appointment scheduling. The secure messaging capability of this system would help care providers build a relationship with the patients, and also streamline their workload. However, are there security or legal issues involved in this kind of communication? This is a question that we have at the back of our minds, because security is one of our major concerns when providing medical review service for our clients. All portals allow patients to view some part of their health information while the amount of information shared varies among different providers. Some allow access to the entire medical chart, whereas some allow patients to see only medications, test results and some other details. Looking at various aspects associated with patient portals, professional liability and confidentiality are the biggest concerns. Given that there are risks involved in having a patient portal, healthcare providers need to implement effective risk management strategies to handle any such threats. 
Ensure Security o
Patients may be using unsecure devices to access the portal, which poses risk.
o
Portals do not encrypt individual patient files though they use protective measures such as passwords, user authentication, and SSL which encrypts the network traffic from the browser to their website.
To ensure security and confidentiality, providers must prevent unauthorized access to the patient’s information. For this, consider how access is provided. o
If the access is made by a password, it is vital to ensure that others don’t gain access to the password.
o
The risk is minimal if the password is provided in person to the patient. However, if the password is emailed to the patient or is based on existing passwords, there is increased risk of somebody else gaining access.
o
If it is emailed, the provider must inform the patient that security may be compromised if somebody else accesses the mail.
o
To avoid legal consequences, the provider can have the patient concede in writing that any person to whom the patient provides the password will be able to access the account.
www.mosmedicalrecordreview.com
(800) 670 2809
o
Also, the patient has to inform the provider if he/she is aware that an unauthorized person has obtained access to their password.
o
To prevent leakage of information, providers can implement separate filesharing encryption software, or encrypt the files themselves.
o
Providers have to also ensure that basic technical safeguards are in place and documented clearly in their HIPAA risk assessment.
o
Vulnerability tests should be performed on the portal periodically to ensure that any weakness is discovered and remediated.

Provide Guidelines for Patients Patients should know how to use the portal. They need to be informed about the extent of information they can access. In addition, they should also be given clear instructions on how they can ask questions regarding the information. Some portals may allow secure email communication with the provider as well as access to patient information. In such cases, additional guidelines must be provided for the patients. It is best that patients are given information about the average turnaround time for messages. They should also be informed that the portal must not be used for issues that may be urgent or critical.

Ensure Accurate and Comprehensive Medical Documentation The patient’s medical record must be comprehensive and contain each and every communication with the patient. This will prove as solid defense in case there is a claim of medical malpractice, or professional liability, or insurer audits. This is also important from the point of view of reimbursement because it may help to justify the medical necessity or appropriateness of the service provided.
There is no doubt that patient portal is a new and effective way of communicating with patients and establishing a good relationship. As providers of chart review service for physicians, we know how cautious they are about HIPAA and the security of patient information. With good security strategies, they can prevent HIPAA breaches and unnecessary professional liability claims. Moreover, with the right patient education they can also ensure that the patients have a uniform understanding regarding how to use the portal.
www.mosmedicalrecordreview.com
(800) 670 2809