The “Contact Us” page on a website is a staple for businesses that want current and potential customers to get in touch easily. Consumers have come to expect expediency when it comes to sharing their questions and concerns, and Forrester reports that 45% of Americans will abandon an online transaction if there isn’t an easy way to contact the company. With this in mind, a simple contact page is not a nice-to-have on a website; it’s a must.
The contact page may seem simple enough in concept, but for healthcare organizations, it’s actually a bit complicated. To streamline the patient intake process, many healthcare providers now have online forms that patients can fill out remotely, in which they request basic contact details. While efficient in theory (no handwriting to decipher!), there are some privacy issues that arise from transmitting this type of information over the Internet. When it comes to “Contact Us” pages and other patient information forms, there are protections that healthcare practitioners and vendors must follow to safeguard information.
Take a look at all the things your “Contact Us” and intake forms should do if you’re a healthcare organization.
Offer Privacy of Information
If you’re going to ask people for protected health information, or PHI, then you need to have a plan to keep that data safe and HIPAA-compliant. It’s not enough to add a disclaimer that warns people to only list the information they’re comfortable transmitting; most people will assume if a healthcare provider is offering the form online, that practitioner is also safeguarding the data. Healthcare organizations need to kick “Contact Us” and other form privacy up a notch by securing it beyond what a typical business would do. Adding an additional level of security is inexpensive and protects providers from appearing negligent if anything compromises patient information submitted through a form.
With that said, it’s important to note that providers cannot control the information that patients send on their own, through email, text, or other electronic formats. There are patients who will send photos and other sensitive health data through their non-encrypted email accounts, but at least in those cases it’s of their own accord. When a provider is hosting the form that houses the information, that organization assumes responsibility for safeguarding the sensitive data enclosed.
Prioritize Proper Storage
After someone submits information through a “Contact Us” form, where does it go? If you’re using an unsecured platform like Google Forms, that data is at risk of discovery by hackers or other cyber-criminals. Healthcare practices must have a secure system in place that encrypts the data upon submission by the patient and requires a decryption code from anyone who will read it. The same is true of any contact information stored on a server or in the cloud. No one should have access by simply clicking a file name. When data moves from active files to archives, it must still have strong security measures in place.
Every piece of protected health information obtained from patients, and written about them, must pass a stringent security test that includes encryption. This is true of data collected from contact pages and also of internal and external email. Don’t assume that a “secure server” is safe; communications and data stored electronically must have an added layer of security that includes encryption.
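As an added example (not part of the original article), here is one way a form handler could encrypt a submission before it is stored, so that reading it requires the key. The function names, record layout and the choice of AES-256-GCM are assumptions made for illustration; the article does not name an algorithm.

```javascript
// Added example: encrypting a contact-form submission before storage.
const crypto = require("node:crypto");

// Assumption: in production the 32-byte key comes from a KMS or secrets
// manager, never from source code or the database that holds the records.
function newKey() {
  return crypto.randomBytes(32);
}

// Encrypt the submitted fields before they are written anywhere.
// recordId is bound as additional authenticated data (AAD), so a ciphertext
// cannot be silently moved onto a different record.
function sealSubmission(key, recordId, fields) {
  const iv = crypto.randomBytes(12); // must be unique per record for GCM
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(recordId, "utf8"));
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(fields), "utf8"),
    cipher.final(),
  ]);
  return {
    recordId,
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ct: ct.toString("base64"),
  };
}

// Reading requires the key. A wrong key, altered ciphertext or a swapped
// recordId makes final() throw instead of returning data.
function openSubmission(key, stored) {
  const decipher = crypto.createDecipheriv(
    "aes-256-gcm", key, Buffer.from(stored.iv, "base64"));
  decipher.setAAD(Buffer.from(stored.recordId, "utf8"));
  decipher.setAuthTag(Buffer.from(stored.tag, "base64"));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(stored.ct, "base64")),
    decipher.final(),
  ]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed sample submission (not real patient data).
const sample = { name: "Test Patient", phone: "555-0100", message: "Reschedule visit" };
```

Only the object returned by `sealSubmission` should reach the database, backups or archives; the key is held separately and released only to staff who are authorized to read submissions.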
Today’s modern Internet user has no time to lose. When a patient submits a form, he or she expects to hear back quickly, whether to make an appointment or have a health question answered. A savvy “Contact Us” workflow will incorporate notifications that push to email addresses and mobile devices so that several people are aware that a patient or potential patient is trying to make contact. The mobile aspect of the notifications is especially important, as more healthcare employees spend time away from their desks. These employees must properly secure notifications if they contain protected health information.
Whenever possible, healthcare providers should also educate patients on proper use of protected health information. For instance, patients should never reply to an email message asking for Social Security numbers or credit card numbers (and a practitioner should never ask for these things via email, either). A quick tutorial on the difference between secure email servers and data encryption is also a service that healthcare practitioners should offer, either by a staff member upon check-in or through a paper/brochure the provider hands out. The more patients feel empowered to protect their data, the better chance practitioners have of keeping health information safe.
As more people head to the Web to have questions answered and bypass making phone calls, healthcare practitioners have a responsibility to keep data safe in transit, in storage, and when viewed by all employees.