Tools to Grow Your Acupuncture Practice | Jasmine Software: October 2017

Sunday, October 29, 2017

Easily Create a PDF Document

Have you ever found yourself needing to quickly create a PDF file for your acupuncture practice?

Several times a year, I find myself having to create a PDF file for various reasons, like a quick invoice, contract, etc... any document that looks good and can be easily shared.

PDF documents are good for when you need to share information and don't want the document to be editable by someone else.

In this post, we'll go over the benefits of PDF files, why you would use them, and how to easily create them!

Benefits of PDF Documents

  • Formatting is preserved
  • Readable on almost every device. Free tools available.
  • Not easily editable
  • It's Free

What can you do with PDF files

  • Marketing collateral
  • Contracts
  • Invoices
  • Patient intake forms
  • Signed forms (ie. Informed Consents & Privacy Policies)

Create a PDF with Google Docs

  • Create a New Google Doc
  • Write out your document
  • Download as PDF Document

That's it!

Creating PDF documents are easy and fun!

Another added benefit is that a PDF file feels "official", especially if it's nicely formatted and looks great.

Do you create PDF documents in your practice? Post a comment below!

Minto Tsai

P.S. If this helped you, please Like, Share, email... all the social network love you can give!

Sunday, October 22, 2017

Being HIPAA Compliant with Gmail

As a continuation of exploring Gmail and HIPAA Compliance, this blog post will focus on using Gmail in a HIPAA Compliant way.

To read the previous blog post on this, click here for "Is Gmail HIPAA Compliant?"

To reiterate the core ideas from previous posts, first, email is inherently insecure, so do not sent PHI (Patient Health Information) through email.

Two, Gmail can be used in a HIPAA Compliant way, as mentioned in "Is Gmail HIPAA Compliant?"

Now, we're going to talk in detail about how to be HIPAA Compliant with Gmail.

Google Services covered by BAA

At the time of this post, only a subset of the Google Core Services are covered by the G Suite BAA.

This means, that only the apps in this first box are permitted to be used with PHI.

The following Core Services are not supported for PHI.

Signing the BAA

After signing up for Google's G Suite, you'll want to sign their BAA. The following steps show you how.
  1. Sign in to the Google Admin Console. Go to
  2. Click on Company Profile

  3. Click on Profile

  4. Scroll down to Security and Privacy Additional Terms

  5. Next, click Review and Accept

  6. Answer all three questions and click "Ok"

  7. Review the HIPAA Business Associate Agreement and click "I Accept"

How to send PHI through Gmail

As we've said before, email is inherently insecure. So, you don't want to directly include or attach PHI to your emails, even with Gmail.

The way to send PHI through email is to use Google Drive.

At a high level, you'll upload the PHI to Google Drive and follow the steps below to share with your patient.

  1. Right click on the file or folder to share to bring up the file menu

  2. Click on the Share menu item

  3. Click the Advanced link

  4. Ensure the sharing settings are set to "Specific people can access"

  5. Invite people by entering their email address and setting the correct permission for the file

Ask for Permission

As we mentioned in the post, "Is Gmail HIPAA Compliant?", you'll want to ask your patient's for permission to send HIPAA sensitive information through email.

Don't forget to get it in writing!

Further Reading

HIPAA Compliance with G Suite
G Suite HIPAA Implementation Guide
Opt in to the HIPAA Business Associate Amendment

Do you use Gmail in your practice? Post a comment below!

Minto Tsai

P.S. If this helped you, please Like, Share, email... all the social network love you can give!

Sunday, October 15, 2017

Is Gmail HIPAA Compliant?

Do you use Gmail? Gmail is one of the best email services available. Almost everyone has a Gmail account.

I know many acupuncturists who use Gmail, so it seems like something worth digging into. Is Gmail HIPAA Compliant?

First some house keeping...

As, we all know, HIPAA is the Health Insurance Portability and Accountability Act passed by Congress to regulate different aspects of healthcare.

As, part of HIPAA, the privacy rule regulates the handling of PHI (Patient Health Information) by "covered entities" (ie. you, the acupuncturist).

And, Gmail is a popular email service provided by Google.

Is email secure?

I say this all the time, and I'll say this again. EMAIL IS NOT INHERENTLY SECURE!

You do not want to be sending HIPAA sensitive information or PHI through email.

In the following blog post, I explained why email is insecure. Click on the link to learn why.

What makes email HIPAA Compliant?

We know email is inherently INSECURE. But can email be HIPAA Compliant?

There are a few things that need to be satisfied for email to be compliant.
  1. You must inform patients that email is insecure and get consent that it is ok to send PHI through email.

    Below is guidance from the HIPAA Omnibus Final Rule:

    We clarify that covered entities are permitted to send individuals unencrypted emails if they have advised the individual of the risk, and the individual still prefers the unencrypted email… If individuals are notified of the risks and still prefer unencrypted email, the individual has the right to receive protected health information in that way, and covered entities are not responsible for unauthorized access of protected health information while in transmission to the individual based on the individual’s request. Further, covered entities are not responsible for safeguarding information once delivered to the individual.
  2. The email service must have proper safeguards in place for handling HIPAA sensitive information.

    See HIPAA sections (45 CFR § 164.312(a)(2)(iv) and (e)(2)(ii)).

  3. You must sign a BAA (Business Associate Agreement) with the email provider.

Is Gmail HIPAA Compliant?

As you might know, Google offers 2 versions of Gmail. One is free. The other is a paid version as part of G-Suite.

ONLY the G-Suite version of Gmail is HIPAA Compliant.

And the reason is that only the G-Suite version of Gmail allows you to sign a BAA.

Do you use Gmail in your practice? Post a comment below!

Minto Tsai

P.S. If this helped you, please Like, Share, email... all the social network love you can give!