Overview: This session will focus on the rights of individuals to communicate in the manner they desire, and how a medical office can decide what is an acceptable process for communications with individuals. The session will explain how to discuss communications options with individuals so that you can best meet their needs and desires, while preserving their rights under the rules.With the new HIPAA random audit program now getting under way, and increases in enforcement actions following breaches, now is the time to ensure your organization is in compliance with the regulations and meeting the e-mail and texting communication needs and desires of its providers and patients. You need the proper privacy protections for health information, and the necessary documented policies and procedures, as well as documentation of any actions taken pursuant to your policies and procedures. Your policies and procedures may need revisions to maintain compliance in areas such as individual access of records and breach notification. And, of course, you will need to train your staff in all the new policies and procedures.E-mail has long been a staple of people's lives, but as we move into the new digital age, it seems everyone is moving to a new smart phone and wants to use it in all the incredible ways it can be used for health care purposes, including the use of e-mail and texting. Doctors are finding that texting is far more flexible, convenient, and effective than paging, and patients want to be able to use short message texting for handling of appointments, updates, and the like, where even e-mail or the telephone would seem inconvenient.In order to integrate the use of e-mail and texting into patient communications, it is essential to perform the proper steps in an information security compliance process to evaluate and address the risks of using the technology. This session will describe the information security compliance process, how it works, and how it can help you decide how to integrate e-mail and texting into your organization in a compliant way. The process, including the use of information security risk analysis, will be explained, and the policies needed to support the process will be described.But the process must also include consideration of various patient access requirements in the HIPAA Privacy Rule. There are requirements to provide patients electronic access of electronically held PHI which raise new questions of how that access will be provided and how the information will be protected during and after access. There has long been a HIPAA requirement for covered entities to do their best to meet the requests of their patients for particular modes of communication, and using e-mail or texting is no exception.