The Privacy Rule governs the use and disclosure of protected health information (PHI), but it doesn't restrict pharmacists from offering general health advice that doesn't involve disclosing PHI.
What HIPAA says
According to HHS guidance, “A pharmacist may provide advice to customers about over-the-counter medicines. The Privacy Rule permits a covered entity to disclose protected health information about an individual to the individual.” For example, when a pharmacist recommends an over-the-counter medication for a cold or explains potential side effects, they aren't necessarily using or disclosing PHI. As a result, these interactions typically aren't subject to the strict requirements of the Privacy Rule.
However, if a pharmacist provides advice based on a patient's specific medical conditions or history, if a patient inquires about over-the-counter options for managing a chronic condition, or if a patient shares personal health information, the pharmacist must handle this information according to HIPAA standards. This includes taking necessary steps to protect the patient's privacy, such as making sure conversations aren't overheard and securing any written records.
Improving medical adherence to over-the-counter advice
The World Health Organization (WHO) defines adherence as, “the extent to which a person’s behavior – taking medication, following a diet, and/or executing lifestyle changes, corresponds with agreed recommendations from a health care provider.”
Adherence is still necessary when it comes to over-the-counter medications. Even though these medications don't require a prescription, they should still be used responsibly. Following the dosage instructions and guidelines helps avoid potential side effects or interactions with other medications. For example, taking too much of an over-the-counter pain reliever can lead to serious health issues, such as liver damage or stomach bleeding.
HIPAA compliant email can provide a convenient and accessible way for patients to receive reminders and information about their medication regimen. Emails can be used in the following ways:
- Send emails containing PHI through encrypted services that offer message expiration dates.
- Create specific consent forms for different types of email communication, such as a separate consent form for over the counter advice versus prescription related inquiries.
- Develop pre written email templates for common over the counter inquiries, such as dosage instructions or side effect management.
- Provide patients with clear instructions on how to securely communicate via email, including using secure devices and avoiding public Wi Fi when accessing sensitive information.
Best practices for providing over-the-counter advice
- When discussing general health advice or medication options publicly or in a setting where others might overhear, avoid using identifiable patient information.
- When providing advice on specific over-the-counter categories (e.g., allergy medications, pain relievers), focus on general usage guidelines and potential interactions without referencing the patient's specific health conditions unless necessary.
- In physical locations like pharmacies or clinics, use privacy screens at consultation counters and sound masking devices to prevent others from overhearing sensitive conversations.
- Clearly delineate between over-the-counter and prescription counseling sessions.
See also: Top 12 HIPAA compliant email services
FAQs
What is the Privacy Rule?
The Privacy Rule is a federal regulation under HIPAA that protects individuals' medical records and other personal health information by setting limits on the use and disclosure of such information.
Do pharmacists need to get consent to email patients?
Pharmacists generally need to obtain patient consent before emailing them if communications contain PHI.
What is PHI?
Protected health information refers to any information in a medical record that can be used to identify an individual and that was created, used, or disclosed in the course of providing healthcare services.
Kirsten Peremore
