Essential HIPAA Rules for Websites, Social Media, Email, Text Messaging and Patient Reviews


CLE credits earned: 2 GENERAL (or 2 LAW & LEGAL for WA state)

This webinar is for lawyers who advise health care providers, health care marketers and also for lawyers representing plaintiffs whose health privacy rights have been violated. Health care providers commit tens of thousands of highly visible HIPAA law violations on the Internet every day, exposing themselves to liability and their patients to serious risk of medical identity theft. They routinely violate HIPAA Rules governing 21st Century patient attraction and engagement tools: websites, social media, email, text messaging and reviews from patients. The violations and attendant risks are entirely unnecessary – simple steps allow health care providers to take advantage of safe harbors in the HIPAA Rules while engaging patients on the Internet. Those HIPAA Rules for websites, social media, email, text messaging and patient reviews are explained clearly with exact citations to the law in this webinar.

HIPAA regulation of websites, social media and patient reviews date from the 2003 Privacy Rule. HIPAA Rules for email and text messaging are newer; announced in 2013 with the Omnibus Rule, expanded by the CLIA Program and HIPAA Privacy Final Rule in 2014, underscored by important guidance issued by HHS in 2016 and reiterated by the top HHS HIPAA enforcement official, Office for Civil Rights Director Roger Severino in 2018. A 2015 FCC Order established specific requirements for TCPA compliant health care informational text messages that are widely misunderstood and consequently, widely violated. Current HIPAA Rules for email and text messaging and health care text message compliance under the TCPA are explained along with the simple 3 step HIPAA safeguard that saves health care providers and their business associate marketers from all liability for unauthorized access to protected health information in unencrypted emails and text messages during transmission and after receipt by a patient. Failure to follow the 3 step safeguard violates HIPAA and creates significant exposure to class action lawsuits and enormous statutory damages afforded by the TCPA.

This course is co-sponsored with myLawCLE.

Key topics to be discussed:

•   What to look for on a website or social media site – how to identify violations – and how to fix them
•   How HIPAA defines protected health information (PHI)
•   The simple 3 Step Safeguard that enables health care providers to communicate with patients by unencrypted email and text messaging
•   How to avoid – or identify – health care informational text message TCPA violations
•   What health care providers and business associates providing unencrypted email and text message services should know to protect themselves
•   Patient reviews: what health care providers should, should not, and must not do

Date / Time: August 9, 2019

•   2:00 pm – 4:00 pm Eastern
•   1:00 pm – 3:00 pm Central
•   12:00 pm – 2:00 pm Mountain
•   11:00 am – 1:00 pm Pacific

Choose a format:

•   Live Video Broadcast/Re-Broadcast: Watch Program “live” in real-time, must sign-in and watch program on date and time set above. May ask questions during presentation via chat box. Qualifies for “live” CLE credit.
•   On-Demand Video: Access CLE 24/7 via on-demand library and watch program anytime. Qualifies for self-study CLE credit. On-demand versions are made available 7 business days after the original recording date and are view-able for up to one year.

Select your state to see if this class is approved for CLE credit.

Choose the format you want.


Original Broadcast Date: February 22, 2019

Paul R. Hales, Esq. received his Juris Doctor degree from Columbia Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach Notification and Enforcement Rules with an international HIPAA consulting practice based in St. Louis. He regularly gives seminars and webinars on all aspects of HIPAA law. Paul is the author of all content in The HIPAA E-Tool®, an Internet-based, Software as a Service product for health care providers and business associates.

Accreditation Policy
myLawCLE seeks accreditation for all programs in all states. (Accreditation for paralegals sought thru NALA and NFPA paralegal associations.) Each attending attorney/paralegal will receive a certificate of completion following the close of the CLE program as proof of attendance. In required states, myLawCLE records attorney/paralegals attendance, in all other states attorney/paralegal is provided with the approved CLE certificate to submit to their state bar or governing association.

    Automatic MCLE Approvals

All myLawCLE CLE programs are accredited automatically either directly or via reciprocity in the following states: AK, AR, CA, CT, FL, HI, ME, MO, MT, ND, NH, NM, NJ, NY, WV, and VT. (AZ does not approve CLE programs, but accepts our certificates for CLE credit.)

    Live Video Broadcasts

Live video broadcasts are new live CLE programs being streamed and recorded for the first time. All of these programs qualify for “Live” CLE credit in all states except NV, OH, MS, IN, UT, PA, GA, SC, and LA —these states require in-person attendance to qualify for “Live” CLE credit.

    “Live” Re-Broadcasts

“Live” Re-broadcasts are replays of previous recorded CLE programs, set on a specific date and time and where the original presenting speakers calls in live at the end of the event to answer questions. This “live” element allows for “live” Re-broadcast CLEs to qualify for “Live” CLE credits in most states. [The following states DO NOT allow for “live” CLE credits on re-broadcast CLEs: NV, OH, MS, IN, UT, PA, GA, SC, and LA]

Many states allow for credit to be granted on a 1:1 reciprocal basis for courses approved in another mandatory CLE jurisdiction state. This is known as a reciprocity provision and includes the following states: AK, AR, HI, CT, FL, ME, MO, MT, ND, NH, NM, VT, NJ, NY, and WV. myLawCLE does not seek direct accreditation of live webinars or teleconferences in these states.

Section I. Importance of 21st Century Patient Engagement

Section II. HIPAA Rules covering Web Sites – Social Media
a) 2 Simple Safeguards

Section III. New HIPAA Rules – Email & Text Message
a) 3 Step Safeguard – “Duty to Warn”

Section IV. HIPAA Rules covering Patient Reviews
a) Patient Review Safeguards