Communicate with Patients and Follow HIPAA – MACRA and MIPS

MACRA and MIPS Accelerate Patient Engagement

Health care providers who accept Medicare are adapting to new rules under the Medicare Access and CHIP Reauthorization Act or MACRA.[1] The law is dense and complicated, but essentially, its purpose is to adjust payment measures to reward the delivery of high-quality patient care. The Merit-based Incentive Payment System (MIPS) is a core element of the change from prior rules. The relevance to HIPAA is that a central element of MACRA is an increased focus on patient engagement because when patients are engaged in their own healthcare, outcomes improve.

Effective patient engagement requires regular patient communications. The problem is that communications raise the risk of disclosure of protected health information (PHI). And today, with the use of email and text messaging, the risk is even greater. Ninety-nine percent of patients today use social media and most prefer regular, unencrypted email and texting. Unfortunately, they may not have considered the consequences.

Using unencrypted emails and text messages is like handing a postcard to someone in L.A. who will hand it off to a million people as it travels to N.Y., and each of those million can read it anywhere along the line.

HIPAA Can Help with Easy to Follow Step-by-Step Rules

HIPAA provides a 3-step safeguard that helps both providers and patients –  providers will stay in compliance and patients are engaged in maintaining privacy of their own PHI. 

Simply stated, it includes:

  1. Notice – a duty to warn;

  2. Let the patient decide; and

  3. Document the warning and response in writing.

If a patient says “no” to unencrypted communication, take steps to encrypt and inform your workforce and business associates, and document these steps. A common misunderstanding is that if a patient initiates communication through email, the provider can assume the patient accepts this method. Although this was the HHS policy in 2008, it changed in 2016 when the duty to warn became law. 

The HIPAA E-Tool® is always up to date

Letting patients decide and documenting the process is easy with The HIPAA E-Tool®.  Below is an excerpt from Policy PR-3 – Request for Confidential Communication. Form PR-3.B – Unencrypted Text Message and Email Language for Information & Registration Update Forms is all you need.

 Easy to use,  The HIPAA E-Tool ® helps you communicate with patients and documents actions taken 
Easy to use, The HIPAA E-Tool ® helps you communicate with patients and documents actions taken 
 /* Style Definitions */





/* Style Definitions */
{mso-style-name:”Table Normal”;
mso-padding-alt:0in 5.4pt 0in 5.4pt;

Patients want email and text messages and you CAN do it within the law. Follow the steps.



[1] A full review of MACRA is beyond the scope of this blog but a good summary can be found here: and elsewhere on the web.


The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

3534 Washington Avenue, Saint Louis, MO 63103
Terms of Service | Privacy Policy

Powered by JEMSU

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free