Do I need to obtain consent from my patients to implement a patient portal?
No. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) permits the disclosure of health information to the patient without requiring the patient's express consent. Additionally, patients nearly always have a right to access their own health information. A portal is an excellent way to afford patients access to their own information and to encourage them to be active partners in their health care. When implementing a portal, work with your vendor to ensure that privacy and security safeguards are put in place. For example, it is important to have strong practices in place to ensure that the patient who is accessing a portal is who they say they are, including unique user IDs and passwords and potentially two-factor authentication (for example, a code being sent to a cell phone in addition to a password). Patients should also be educated on appropriate use of the portal and the importance of safeguarding their log-in credentials as well as where they store any information they download or print.