• Patient Appointment Reminders

    Patient Privacy and HIPAA Information

    Appointment Reminders

    HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information.

     

    Simply Clinical treats your clients' protected health information with the utmost respect.

    The Health and Human Services (HHS) department has stated that appointment reminders are allowed under the HIPAA Privacy Rule (see here).

     

    When sending appointment reminders such as SMS, Email or Voice Calls you should not include detailed information about the person receiving the reminder. This includes such things as diagnosis, treatment information or other personally identifiable information.

    Your reminder message should include only the most generic information, such as the date and time of the appointment and the name of the company.

     

    Simply Clinical does the following to safeguard your information:

    - We use Secure Sockets Layer (SSL) to transmit all data

    - HIPAA Compliant Databases and Servers

    - Encrypted data storage using industry standard AES-256 database encryption keys.

    - Unique usernames for tracking user identity

    - Automatic logging off after a predetermined time of inactivity

    - All user names and passwords stored in our database are encrypted.

    - Disabled Accounts after multiple failed attempts

    HIPAA and privacy policies for patient reminders

    If you work in a healthcare office, you may be wondering if text messages, emails, automated voice calls and other forms of communication are acceptable for medical appointment reminders under the Health Insurance Portability and Accountability Act (HIPAA).

    The answer is yes.

    The Health and Human Services (HHS) department has stated that automated doctor appointment reminders are allowed under the HIPAA Privacy Rule (see here). While we are excited to share this news, we do want to remind our current and future clients that we are not legal professionals, and therefore we cannot provide any legal advice or instruction.

    Healthcare providers must ensure that the content of appointment reminders (including text messages) does not include any protected health information (PHI) without patient consent. Providers should obtain the patient’s consent to receive text messages and should inform them about potential privacy risks. It's important to use secure messaging services and limit the information shared in these reminders to minimize any privacy risks.

    Why HIPAA Matters to Your Modern Practice

    One of the primary reasons the United States government passed HIPAA was to encourage the use of new technology in the healthcare field by establishing rules to protect the privacy of patients in regard to patient appointment reminders. A key aspect of HIPAA relates to the security of data regarding patient records and other vital information that should remain private under federal law. This pertains to HIPAA appointment reminders, HIPAA rules regarding text messaging, and doctor appointment email messages and calls.

     

    About HIPAA-Compliant Appointment Reminders

    The Department of Health and Human Services has officially stated that phone calls, text messages and emails are all effective and legal ways to communicate with patients regarding their upcoming appointments under HIPAA requirements. Reminding patients about appointments that they made days, weeks, or months before is critical to providing patients with timely care and to the efficient operation of the medical office. When sending text, voice, and email appointment reminders, it is important to remember that someone other than the intended party may see or hear the message. Because of this, you should take care not to include detailed notes about the appointment, diagnosis, or treatment plans.

     

    Complying With Patients' Wishes

    Here are some important things to keep in mind regarding calling, emailing, and text messaging and HIPAA compliance. With HIPAA appointment reminders, healthcare providers are required to comply with reasonable requests regarding the format of the reminders. For example, if a patient wishes to opt out of receiving text-message appointment reminders, the patient can request another type of reminder, such as appointment-reminder calls. The healthcare office is not required to make a phone call or send a medical-appointment-reminder text message if this is not a service provided by the office to other patients. However, the healthcare office will need to cease sending reminders if a patient makes the request to do so. Patients may elect to unsubscribe from the text reminder service via the appointment reminder text.

    Appointment Notifications and opt-out

     

    Opt-In

    An opt-in approach means that patients explicitly consent to receive appointment notifications electronically. They actively choose to receive reminders through a specific communication channel, such as email, text message, or phone call. Implementing an opt-in process ensures that patients know the communication method and have agreed to receive electronic notifications before any messages are sent.

     

    Opt-Out

    An opt-out approach means that patients are automatically enrolled to receive appointment notifications electronically, but they can unsubscribe from such communications.

     

    Example:

    [I agree to receive SMS at the phone number provided. Data rates may apply, reply STOP to opt-out]

     

    The healthcare provider may send notifications via email, text, or phone call by default unless the patient decides to opt out of electronic communications.

     

    ** No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.

     

    • Our company contact information:

    Address:

    6635 E Iona Rd

    Idaho Falls, Idaho

    83401

    PH:

    (208)705-7701

    What personal information we collect:

    For text reminders, we only collect cell phone numbers and appointment dates and times.

    • Why we collect it - to ensure patients are reminded of their appointments.

    • How we use it - for text appointment reminders only

    • We do not share it or sell it to third parties (and are prohibited from doing so by national HIPAA regulations)

    • We never transfer it internationally

    • All patients have rights regarding their personal data and can access ways to act on those rights as described here

     

    ** Appointment reminders are opt-out

    While most healthcare marketing messages must be opt-in (WE DO NOT COLLECT INFORMATION OR CONTACT PATIENTS FOR MARKETING PURPOSES), appointment reminders are an exception. You do not need specific permission to send appointment reminders, but patients must be able to unsubscribe. According to the Department of Health and Human Services, "appointment reminders are considered part of treatment of an individual and, therefore, can be made without an authorization."

    Privacy Policy:

     

     

    Effective Date: 01/01/2024

     

    ClinicCare/Noctilucent Technologies LLC

     

    A. Introduction

     

    We are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information.

     

    B. Information We Collect

     

    a) Personal Information:

    When provided voluntarily by individuals, we may collect personal information such as names, addresses, email addresses, and phone numbers.

     

    b) Non-Personal Information:

    For statistical purposes, we may also collect non-personal information such as browser type, operating system, and IP address.

     

    C. How We Use Your Information

    We may use the collected information for purposes, including but not limited to:

    a) Providing and personalizing our services.

    b) Processing transactions and delivering products.

    c) Sending periodic emails related to your lab work or appointments.

     

    D. Disclosure of Information

    No mobile information will be shared with, sold to, or rented to third parties/affiliates for marketing/promotional purposes.

    We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as set forth in this Privacy Policy.

     

    a) Third-Party Service Providers:

    We may share information with third-party service providers who assist us in operating our website, conducting our business, or servicing you.

     

    b) Legal Compliance:

    We may disclose information when required by law or in response to lawful requests by public authorities.

    Data disclosure laws vary between countries, and even within countries, they can be subject to federal, state/provincial, and local regulations. In the United States and Canada, data disclosure laws encompass a combination of federal and provincial/state regulations. A brief overview of the major federal laws in both countries follows.

     

    United States:

    1. Federal Trade Commission Act (FTC Act):

    • Overview: The FTC Act broadly prohibits unfair and deceptive practices in commerce, including the unauthorized disclosure of personal information.

    • Enforcement: The Federal Trade Commission (FTC) enforces the FTC Act.

     

    2. Gramm-Leach-Bliley Act (GLBA):

    • Overview: Primarily applicable to financial institutions, GLBA requires these institutions to protect the privacy and security of consumer financial information.

    • Enforcement: Various federal agencies, including the FTC, have enforcement authority.

     

    3. Health Insurance Portability and Accountability Act (HIPAA):

    • Overview: Applies to protected health information held by covered entities and their business associates. It sets standards for the privacy and security of health information.

    • Enforcement: The Department of Health and Human Services (HHS) is responsible for enforcing HIPAA.

     

    4. Children's Online Privacy Protection Act (COPPA):

    • Overview: COPPA regulates the online collection of personal information from children under 13. It requires obtaining parental consent.

    • Enforcement: The FTC enforces COPPA.

     

    5. California Consumer Privacy Act (CCPA):

    • Overview: State-level legislation granting California residents specific privacy rights and imposing obligations on businesses handling their personal information.

    • Enforcement: The California Attorney General can enforce the CCPA.

     

    Canada:

     

    1. Personal Information Protection and Electronic Documents Act (PIPEDA):

    • Overview: Applies to private-sector organizations engaged in commercial activities. It regulates the collection, use, and disclosure of personal information.

    • Enforcement: The Office of the Privacy Commissioner of Canada (OPC) oversees PIPEDA compliance.

     

     

    2. Provincial Legislation:

    • In addition to PIPEDA, some provinces have their own privacy legislation. For example, Alberta and British Columbia have their own private-sector privacy laws.

     

    Please be advised these laws are subject to change, and new regulations may be introduced. Always consult with legal professionals to ensure compliance with the latest data disclosure laws that apply to your specific circumstances.

     

    E. Cookies and Tracking Technologies

    We use cookies to enhance your experience on our website. You can control cookies through your browser settings.

     

    F. Your Choices

    You have the right to access, correct, or delete your personal information. To do so, please contact us at info@simplyclinical software.com or rcelner@hotmail.com.

     

    G. Security

    We implement reasonable security measures to protect your information. However, no method of transmission over the Internet or electronic storage is completely secure.

     

    H. Changes to this Privacy Policy

    We reserve the right to update this Privacy Policy at any time. Changes will be effective immediately upon posting to the website.

     

    I. Contact Us

    If you have any questions or concerns about this Privacy Policy, please contact us at info@simplyclinical software.com or rcelner@hotmail.com.

     

    Where to find more information regarding the Privacy Policy

    For a clear description of the privacy policy a company practices, please consult the following laws and documents regarding data processing in the online environment:

     

    1. Legal Texts and Government Websites:

    • Review the actual legal texts of the laws mentioned. This might include the Federal Trade Commission Act, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), Children's Online Privacy Protection Act (COPPA), and the California Consumer Privacy Act (CCPA) for the United States, and the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canada.

    • Access official government websites, such as the Federal Trade Commission (FTC) in the U.S., the Department of Health and Human Services (HHS), and the Office of the Privacy Commissioner of Canada (OPC).

     

    2. Legal Journals and Publications:

    Explore legal journals and publications that cover privacy and data protection issues. These may provide in-depth analyses, case studies, and interpretations of relevant laws.

    A. United States:

    1. Federal Trade Commission Act (FTC Act):

    • Source: United States Code, Title 15, Section 45.

    • Access: FTC Act - 15 U.S.C. § 45 https://www.law.cornell.edu/uscode/text/15/45

     

    2. Gramm-Leach-Bliley Act (GLBA):

    • Source: Public Law 106-102 (1999).

    • Access: GLBA - Public Law 106-102 https://www.govinfo.gov/app/details/PLAW-106publ102

     

    3. Health Insurance Portability and Accountability Act (HIPAA):

    • Source: Public Law 104-191 (1996).

    • Access: HIPAA - Public Law 104-191 https://www.govinfo.gov/app/details/PLAW-104publ191

     

    4. Children's Online Privacy Protection Act (COPPA):

    • Source: 15 U.S.C. §§ 6501-6506.

    • Access: COPPA - 15 U.S.C. §§ 6501-6506 https://www.law.cornell.edu/uscode/text/15/chapter-91

     

    5. California Consumer Privacy Act (CCPA):

    • Source: California Civil Code §§ 1798.100 - 1798.199.

    • Access: CCPA - California Civil Code §§ 1798.100 - 1798.199 https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.81.5.&part=4.&chapter=&article=