How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask PlotinusLaw Your Own Question
PlotinusLaw, Attorney
Category: Legal
Satisfied Customers: 738
Experience:  14 years of experience in all areas of family law.
Type Your Legal Question Here...
PlotinusLaw is online now
A new question is answered every 9 seconds

Many physicians have online forms on their web sites. Is

Customer Question

Many physicians have online forms on their web sites.

Is it true that if an existing patient attempts to communicate with a physician through one of these insecure online forms that that would constitute a HIPAA violation?

If not absolutely true, what are the conditions which would make it a risky communication for the practitioner?
Submitted: 6 years ago.
Category: Legal
Expert:  PlotinusLaw replied 6 years ago.
Thank you for your question and for contacting Just Answer. The short answer to your first question is it could. If the form is not secure, and there is a breach, meaning that the information was disclosed to unauthorized parties, or unauthorized parties hacked the system and obtain that information. Having said that, if the proper precautions are in place, HIPPA policy encourages the use of Web applications for doctor-patient communication and patient access to the patient's own medical records. In fact, as of 2003 HIPPA made patient access to medical records mandatory. As such, a physician using a web application in order to make patient information available to the patient would be in compliance with that policy.

In researching the answer to your questions, I came across the following website which you might find helpful. Here is the URL:

As well as:

Now to respond to the second half your question, what makes it a risky situation for the physician is if he has not chosen a professional and vigilant developer to design and host the medical practice web application. Emphasis has to be on security and reliability if the physician is going to provide access to patient medical information over the Internet. You may find the following link to contain useful information and additional resources:

I hope that you have found this information helpful. If there is something that I have not explained clearly, or, if you are dissatisfied with the answer, please don't hesitate to ask a follow-up question. Also, please remember to click on the green "accept" button so that I may receive credit for this answer as well as any comments or feedback you may have. Your question will not close, and you will still have the opportunity to follow-up if needed. I wish you the best of luck in pursuing your case.

This is information only, not legal advice. No attorney-client relationship has been created. Please consult an attorney in your state for legal advice regarding your matter.
Customer: replied 6 years ago.
I am terribly sorry for the delay. I thought I had already replied. I had a brief clarifying question:

It seems you're suggesting that the mere communication isn't necessarily a HIPAA violation, but that if a form is submitted without SSL (or similar online security) that the physician is taking the greatest risk. Is that correct?

Thanks, XXXXX XXXXX again for my previous failure to hit the "Reply to Expert" button.

Will Scott