Archive for April, 2024

Tracking A Patient’s Every Move: HIPAA Compliance Risk


By: Kelli Fleming with Burr & Forman LLP

The Health and Human Services Office for Civil Rights (“OCR”) recently published a guidance bulletin addressing the use of online tracking technologies by entities covered by HIPAA, including but not limited to physician practices.

A tracking technology is used to collect information about how online users interact with websites or mobile applications. For example, have you ever wondered why, after you search for a product on Google, it automatically appears as an ad in your social media for the next few days? That is the result of a form of tracking technology.

When used by healthcare providers, the information that is collected by way of a tracking technology may be considered protected health information (“PHI”) covered by HIPAA. If a healthcare provider utilizes a tracking technology vendor to gather and analyze information, including information about patients, the provider must ensure that the release of the information to the vendor is compliant with HIPAA and is not an impermissible use or disclosure. 

In the recent bulletin, OCR clarified that individually identifiable information “collected on a regulated entity’s website or mobile app generally is PHI, even if the individual does not have an existing relationship with the regulated entity and even if the [information] does not include specific treatment or billing information like dates and types of healthcare services.” 

Covered entities that use a user-authenticated webpage (i.e., a website that requires a log-in) should only allow tracking technologies to use and disclose information in compliance with HIPAA, including in a secure manner. In order to comply with HIPAA, the covered entity must either enter into a Business Associate Agreement (“BAA”) with the vendor, or obtain patient authorization for such use and/or disclosure. Disclosing PHI to tracking technology vendors based solely on informing individuals of such use in the website’s privacy policy or terms of use is not sufficient, nor is merely accepting or rejecting cookie use. There must be either a valid, HIPAA-compliant patient authorization or a BAA, and the use and/or disclosure must be permissible under HIPAA. For example, a disclosure to a tracking vendor for marketing purposes, without an authorization, would be impermissible.

Covered entities using a website that is not user-authenticated (i.e., does not require a log-in) need to determine if any of the information obtained by the tracking vendor would be individually identifiable and constitute PHI. If so, a BAA and compliance with HIPAA would be required. However, the determination as to whether or not PHI is being collected by the vendor is not always clear and may not necessarily be known by the provider. OCR provides the example that if a student is writing a term paper regarding oncology services and visits a hospital’s oncology services webpage, information tracked in connection with that website visit would not be considered PHI. However, if a patient were looking at the same page regarding oncology services to seek a second opinion on treatment options for a brain tumor, information tracked in connection with that website visit would be considered PHI. It would be difficult, if not impossible, for providers to determine the purpose of the visit.

Thus, based on the recent OCR guidance, if a covered entity is utilizing tracking technologies on its websites, in my opinion, the provider should always act as if PHI is being tracked and enter into a BAA with the vendor and ensure the use/disclosure is appropriate under HIPAA.

Kelli Fleming is a Partner at Burr & Forman LLP practicing exclusively in the Healthcare Practice Group. Kelli may be reached at (205) 458-5429 or kfleming@burr.com.

Posted in: HIPAA, Legal Watch, Technology


Medical Association Unveils ‘Your Care is at Our Core,’ Emphasizing Personal Connection in Health Care


83% of Alabamians Agree: Doctor-Patient Relationship is ‘Central’ to Health

A strong bond between doctors and patients leads to better health care, say Alabama doctors. A new awareness campaign launched by the Medical Association of the State of Alabama called “Your Care is at Our Core” reinforces this important message.

A doctor-patient relationship based on mutual trust allows doctors to help patients navigate what can be complex health challenges. It is a responsibility doctors say they don’t take lightly.

“From the moment that you begin training to become a doctor, it’s made very clear and apparent to you that people are going to place their trust in you. They’re placing their lives in your hands so you have to take that very seriously,” said Dr. Hernando Carter, a doctor of internal medicine in Birmingham. “It has to be the most important thing to you.”

Building Trust
Trust is essential because patients are more inclined to share crucial information about their health concerns and personal circumstances when they feel a genuine connection with their doctor.

This honest exchange of information enables doctors to make informed decisions, tailor treatment plans and provide care that aligns with each patient’s unique needs and preferences.

A Collaborative Approach to Wellness
Moreover, a strong doctor-patient relationship fosters a supportive environment where patients feel empowered and engaged in their healthcare journey. When patients feel heard and valued, they are more likely to adhere to treatment regimens, follow medical advice and actively participate in the shared decision-making process.

“I tell my patients all the time that I can’t make you well on my own. It’s a team effort, something that we have to work together on and I think that resonates well with patients,” said Dr. Brittney Anderson, a family physician in Demopolis.

‘Be a Good Listener’

Physicians recognize that effective communication and empathy are vital in fostering positive patient outcomes. By building rapport and understanding their patients’ concerns, doctors deliver patient-centered care and uphold the sanctity of the doctor-patient relationship as a cornerstone of healthcare excellence.

“One of the most important things when I train medical students and residents is I teach them to sit down with the patient,” said Dr. William Admire, a doctor of internal medicine in Mobile. “The most important thing about being a doctor is to be a good listener, show respect, show empathy, compassion.”

Statewide Consensus
According to a statewide survey conducted in March on behalf of the Medical Association, 83 percent of Alabamians agree “the doctor-patient relationship is central to health care.” The poll also showed that 83 percent agree with the statement: “It is crucial for physicians to be involved in my care so that I have the best outcomes.”

To watch a video of Alabama physicians discussing why they view the doctor-patient relationship as sacred, click here.

To view the “Your Care is at Our Core” video message, click here.

Posted in: Advocacy, Health, Official Statement


Gov. Ivey Declares March 30 “Doctors Day” in Alabama, Doctors Share Stories of Why They Became Physicians


Gov. Kay Ivey has proclaimed March 30 as “Doctors Day” in Alabama and doctors are celebrating the occasion by sharing personal stories about why they chose medicine for their profession.

In a video released by the Medical Association of the State of Alabama, several doctors say as they were growing up it was their own doctors who inspired them.

Dr. Hernando Carter, a doctor of internal medicine in Birmingham: “I was a preemie when I was born and spent a lot of time at the doctor with asthma and bronchitis. I know when I went to the doctor she would give me a breathing treatment, help me feel better and she’d give me a lollipop. So when I was 4 years old I said, ‘That’s a cool job. You get to help people feel better and give them candy’…I give my patients a lollipop at the end of every visit just as kind of an homage to her.”

Dr. Tonya Bradley, a primary care doctor in Auburn: “I grew up in a rural area of Alabama where our family doctor is the person who took care of us. When I was around five my dad was diagnosed with cancer and spent a whole summer in the hospital and I was there a lot, and I was really just touched by the physicians and the way they cared for our family.”

Dr. Brittney Anderson, a family medicine physician in Demopolis: “My parents say that I’ve been saying I wanted to be a doctor since I was six years old and I never changed my mind…Really the desire to help people and to make people feel well and be well is at the core of why I practice medicine and I think why I’ve always wanted to practice medicine.”

For these and other Alabama physicians, caring for patients is at their core. Physicians entered the practice of medicine to care for patients, to be their patients’ strongest ally, and to give personal attention to those they are honored to treat. 

Doctors Day is observed annually as a time to honor and recognize the physicians who care for Alabamians every day of the year.

Gov. Ivey’s proclamation notes that about 17,000 physicians are licensed to practice medicine in the state, and “those who have chosen the medical profession serve their communities with reverence for human life and individual dignity.” 

To read the Governor’s proclamation, click here.

To watch the video, click here.

Posted in: Members, Official Statement
