Nadine Fisher MS, RD/LD
NE Internet & Business Technology Chair
Web & Technology Solutions that Work for You!
www.nutritionnetworks.com
issue 67
Add to favorites
Another cake mix idea -
Mint Chocolate Chip Cookie Podcast:
Hello Everyone:
I would like to announce that our next NE Internet and Business Technology teleconference is scheduled for Thursday November 16th at 3PM CT. This teleconference is free and NE members can access the call using an 800 toll free number. The topic is Secure Online Services. I am looking for guest speakers for this teleconference, so please let me know if you or someone you know is interested in sharing their expertise in this area. Read more about this teleconference here.
In today's issue of Tech Talk we will review some of the frequently asked questions I receive from NE members on PayPal shopping carts and on HIPAA compliant communications and file security. Read more below.
Nadine
__________________________________________________
"I have learned so much from this group I can't believe it!"
" This group really provides allot of value to NE Membership."
NE Internet Specialty Group Members
__________________________________________
"Your time is a valuable resource." - Bill Gates
"...and you don't want to waste it! " - Nadine
_____________________________________________
Are you available to participate in the free fall NE Internet & Business Technology Teleconference scheduled in November? Read more about this here.
NE Internet & Business Technology Fall Teleconference
I am planning a fall teleconference for our group in mid November. This teleconference will be free for all NE members who will be provided access to the call with an 800 toll free number. The tentative topic is Secure Online Services. The date is Thursday November 16th at 3pm CT. If you know of someone who would like to share their experience on this topic, please contact me at: Nadine I am also interested in any feedback on this topic or other topics you would like covered at this or future teleconferences.
____________________________________________________________________________________
FAQ #1
Should I use PayPal on my website?
Response: Yes, Yes, Yes. Refer to last weeks edition of Tech Talk about the trend for online payments. The two most common alternative methods used today are PayPal and Bill Me Later. The reason for this is cost and the trend to use services like these is on the rise.
In addition please read the information below:
Advantages of using Paypal
from paypal.com
Seller Tools
PayPal's Website Payment products allow you to accept payments online with one click from your website. Website Payment products:
- It allows sellers to accept payments from over 100 million customers
- Easy sign-up for sellers and easy to use for the buyers
- Free to place on your website or in emails
- Can be accepted in Multiple Currencies
- Business/Premier Accounts can accept all PayPal payment methods
- Payment information is encrypted to protect the Seller and the customer
- Provides the seller flexibility to create customized graphics for the payment button or use PayPal's graphics
- Free for buyers to use
FAQ#2
Is it legal to provide email and/or webcam consults and and how do I do this and protect my license and comply with HIPAA?
Response: Yes you can provide email consults and web cam consults legally. I will address the issue with licensure first.
Licensure
You are free to serve anyone in the state where you are licensed. If someone contacts you from another state then you should determine if that state has licensure and read what it pertains to. I have all state licensure information and contacts in my Guidelines for Online Services. In addition you can contact CDR for this information. At this point you should also check with the state licensure board about reciprocal licensure agreements, although I think that most states with licensure do not entertain them. Finally some RD's will request that the client agree to accept services (and I would recommend getting this in writing in a release statement) from your state of residence. Now, keep in mind that if you are really concerned about possible negative repercussions of serving someone in another state you need to weigh how many potential clients you might have in this "other" state against the steps you need to take to avoid liability. Will you be serving one client or possibly 50? In other words, is the juice worth the squeeze?
Email Consults
It is legal and the current practice of many professionals to provide email consults to your clients. In fact, some physicians are already getting insurance reimbursement for email consults. " Dr Bart Barrett uses RelayHealth's webVisits® service to charge patients and bill insurance for online consultations. Physicians charge a fee for online consultation when there is a clinical exchange of information. The average charge (set by physicians in a region) for this service is $20 per online communication. In April alone Barrett had almost 400 messages processed for billing online services." Refer to Tech Talk issue 59.
There are two major issues to consider when providing email consultations. These issues are authentication and encryption. Authentication - how do you know that the email you are sending is received by the person who you intend to receive it? Encryption- How do you know that the email message is transported to your client without interception? Here is information related to transporting electronic protected health information (HIPAA) as reported in an earlier issue of Tech Talk:
DEFINITIONS:
Encryption: The process of converting messages in ordinary language, or
other information into a secret coded form that cannot be interpreted without
knowing the secret method for interpretation, called the key. Read more about using an encrypted mail service from my
SSL: he Secure Sockets Layer protects data transferred over http using
encryption enabled by a server’s SSL Certificate. An SSL Certificate contains
a public key and a private key. A public key is used to encrypt information
and a private key is used to decipher it. When a browser points to a secured
domain, an SSL handshake authenticates the server and the client and
establishes an encryption method and a unique session key. They can begin
a secure session that guarantees message privacy and message integrity.
Authentication: To render authentic; to give authority to, by the proof,
attestation, or formalities required by law, or sufficient to entitle to credit.
PHI (Protected Health Information):Individually identifiable health
information that is: (i) Transmitted by electronic media; (ii) Maintained in an
electronic medium; or (iii) Transmitted or maintained in any other form or
medium.
ePHI (Electronic Protected Health Information): PHI that is transmitted or
stored electronically.
Frequently Asked Questions:
Q. Does HIPAA mandate encryption for PHI sent over the Internet?
A. Yes. Encryption is an addressable implementation standard. Keep in mind
that addressable means you need to either implement the specification as
written in the rule, or use and document an equivalent alternative, or
document why encryption is not an option for you. Given the availability of
low cost encryption solutions, it will be very hard to justify not encrypting
data sent over an open network.
Q. Is there a standard for encryption?
A. Yes. The only standard is encryption should be at least 128 bit encryption.
Encryption technology is not fully mature. There are a number of solutions
on the market but no real leaders and no set standard. You need to adopt a
standard for your organization that fits your needs and is similar to solutions
selected by organizations of your size and complexity.
Q. What is the greatest point of vulnerability in transmitting ePHI?
A. At the send and receive points. In addition to encryption you also need to
consider authentication. You need to be confident that the person sending
you the ePHI, or the person you are sending the ePHI to, is a valid entity and
the recipient is the appropriate person within the organization.
Q. Can I post ePHI to my secure web site?
A. Yes as long as you use authentication such as a password to access the ePHI
and you use encryption (SSL) before communicating any ePHI.
Can you ensure security of transmission using a Web Cam?
Yes- there are Web Cam programs that provide encrypted transmission of the streaming video. Below is one example of a program that provides authentication and encryption. In addition, you can secure transmission of streaming video using a VPN or Virtual Private Network.
F-Secure SSH Client 4.2 authenticates server and encrypts traffic between the client and server ( the client is the computer that receives the information, the server is the computer that sends the information). F-Secure SSH Client consists of three integrated components: F-Secure SSH Terminal (provides secure login connections over unknown or untrusted networks), F-Secure SSH Tunnel (enables secure tunneling of Internet protocol services like email and web browsing), F-Secure SSH File Transfer (with a graphical user interface provides a simple and secure file transfers over insecure networks). F-Secure SSH Client 4.2 can connect to both version 1.x and 2.x SSH servers and detect automatically which server version is in use.
Read about Yahoo Messenger Security here.
_________________________________________________________________________
Technology Tip: Consider using an online calendar for scheduling and sharing appointments.
Review programs here.
Do you have a technology tip you would like to share? If so - please send it to me and I will be happy to post it in this e-communication. Send your tips to: Tech Tips
Are you developing a publication, brochure, or website in the near future? To assist you with selecting your color scheme try out the Color Scheme Creator .
*The opinions expressed in this column are those of the author only.
Contact: Nadine if you have questions!
© Nutrition Networks 2005-2007