Non Secure Communication
Email is not appropriate for urgent or emergency situations. Dr. Ascher cannot guarantee that your particular email will be read and responded to within any particular period of time. If you or someone you know is in immediate danger, please call 911 immediately or go directly to the nearest emergency room. Dr. Ascher does not check his email everyday.
Under HIPAA (Health Insurance Portability and Accountability Act of 1996), certain information about a person’s health or health care services is classified as Protected Health Information (PHI). Dr. Ascher is a Google G Suite customer who is subject to HIPAA and uses G Suite with PHI. Dr. Ascher has signed a Business Associate Agreement (BAA) with Google. G Suite secures data from automated processing. Dr. Ascher’s email service is encrypted with SSL (Secure Sockets Layer)/TLS (Transport Layer Security).
Even though Dr. Ascher may utilize state of the art encryption methods, firewalls, antivirus software, passwords, disk encryption, and back-up systems to help secure communication, there is a risk that electronic communication may be compromised, unsecured, and/or accessed by a unintended third party. There is never a 100% guarantee information will remain confidential when transmitted electronically. With mobile devices, Dr. Ascher uses passwords, fingerprint technology, remote tracking, and remote wipe to maintain the security of the device and prevent unauthorized persons from using it to access any PHI.
Should you choose to contact Dr. Ascher using any type of nonsecure technology, it will be considered implied consent (with your permission) that Dr. Ascher will respond and return messages in the same nonsecure manner. If you do not wish to use nonsecure communications such as email, please leave a voice message on Dr. Ascher’s confidential answering machine at 646-812-1421 stating that you wish to speak over the telephone. Dr. Ascher is in solo private practice and the practice is usually full and closed to new patients. He cannot guarantee that he will be able to respond to your telephone call unless you are already an established patient in his practice.
Please understand the risks of sending and receiving non-secure transmissions. Please review the latest information the federal government has provided on email and HIPAA. The information can be found in the following pdf file (page 5634) https://www.gpo.gov/
Dr. Ascher’s website and server does not store any PHI at all. His website has an SSL certificate. Dr. Ascher utlizes vCita which employs the following technological safeguards: Client information is protected using 128-bit SSL encryption; accounts require secure login with password; timed auto-logouts; and data is backed-up on a daily basis. vCita also provides numerous settings and features to facilitate procedural standards including multiple user access levels, and the ability to easily add and remove users. vCita does not share, sell, disclose or provide patient/client information to third parties unless required by law. In addition to paper records, Dr. Ascher also uses Valant EHR and is happy to offer access to the Patient Portal for his clients. The portal is compliant with all HIPAA privacy regulations. Dr. Ascher also uses IntakeQ so that patients can electronically sign HIPAA, practice and policy forms. Dr. Ascher has signed a Business Associate Agreement (BAA) with IntakeQ and Valant EHR.
Please know that if you use electronic communication there are various technicians and administrators who maintain these services and may have access to the content of those communications. In some cases, these accesses are more likely than in others.
Of special consideration are work email addresses. If you use your work email to communicate with Dr. Ascher, your employer may access the email communications. There may be similar issues involved in school email or other email accounts associated with organizations that you are affiliated with. Additionally, people with access to your computer, mobile phone, and/or other devices may also have access to your email and/or text messages. Please take a moment to contemplate the risks involved if any of these persons were to access the messages you exchange with Dr. Ascher.
All existing patients who wish to communicate with Dr. Ascher electronically provide written consent for transmission of PHI via non secure means. Patients are not required to sign this agreement in order to receive treatment. Patients have the right to revoke authorization in writing at any time. For existing patients, any email transmission becomes part of the medical record and Dr. Ascher treats e-mail with the same level of conservancy, privacy, and confidentiality protections afforded to all medical records.Please share this post!