Do I need to obtain consent from my patients to implement a patient portal?

No. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) permits the disclosure of health information to the patient without requiring the patient's express consent. Additionally, patients nearly always have a right to access their own health information. A portal is an excellent way to afford patients access to their own information and to encourage them to be active partners in their health care. When implementing a portal, work with your vendor to ensure that privacy and security safeguards are put in place. For example, it is important to have strong practices in place to ensure that the patient who is accessing a portal is who they say they are, including unique user IDs and passwords and potentially two-factor authentication (for example, a code being sent to a cell phone in addition to a password). Patients should also be educated on appropriate use of the portal and the importance of safeguarding their log-in credentials as well as where they store any information they download or print.

Certification of Health IT

Health Information Technology Advisory Committee (HITAC)

Health Equity

HTI-1 Final Rule

Information Blocking

Interoperability

Patient Access to Health Records

Clinical Quality and Safety

Health IT and Health Information Exchange Basics

Health IT in Health Care Settings

Health IT Resources

Laws, Regulation, and Policy

ONC Funding Opportunities

ONC HITECH Programs

Privacy, Security, and HIPAA

Scientific Initiatives

Standards & Technology

Usability and Provider Burden

Connect with us: