Include the EHR and Patient Portal in a Disaster Recovery Plan

Have a backup plan in place for data that staff and patients are used to accessing through the portal. This plan should include off-site storage of data plus ways of accessing that data when the clinic’s computers are not available.

Download Resources

Bring the Clinic HIPAA Officer into Portal Implementation

Involve your Health Insurance Portability and Accountability Act of 1996 (HIPAA) officer in every step of portal deployment. As each portal module is evaluated and deployed, the HIPAA officer should oversee developing workflows and oversight measures that secure protected health information (PHI), as it is defined in the HIPAA Security Rule.

Provide Oversight to Prevent Improper Release of Protected Health Information

Because portals can transmit PHI, portal operations must have close oversight to avoid exposing that information due to inadequate staff training, improper software configuration, vendor errors or user errors. Portal workflows must safeguard PHI.

Plan to Read Clinical Messages Promptly

Clinical messaging is a portal functionality that allows secure communications between a patient and their provider/care team. Portal systems typically warn patients not to use clinical messaging for emergency needs, referring them to 911. Even with this warning, many clinics find it critical to view patient messages as soon as possible.

The information set forth in this Knowledge Center should not be construed as legal or medical advice, a legal or medical opinion on specific facts or representative of the views of the Colorado Health Foundation, its directors, affiliates, agents or representatives unless so stated. This Knowledge Center is not intended as a definitive statement on the subject matter referenced herein. Rather, it is intended to serve as general information for readers, providing practical information for health care organizations seeking to implement and maintain patient portals. By downloading, using or accessing information contained in this Knowledge Center, you agree to be bound by the Terms of Use set forth at together with all agreements or instruments referenced therein.