
HIPAA compliant messaging and information exchange

If you currently use an online patient portal, does it support the secure, HIPAA compliant messaging that is a requisite for Stage 2 of the Meaningful Use incentive program?

Stage 2 focuses on measuring patient engagement and empowerment, where patients not only need access to their health information, but also need to actively engage with their health records. To ensure that Stage 2 criteria are properly met, this information exchange must occur securely, with health care facilities needing to deliver HIPAA compliant messaging.

The updated requirements for HIPAA compliant messaging include:

  • At least 5% of patients seen by an eligible professional (EP) during the reporting period using HIPAA compliant messaging
  • Patients securely accessing and downloading their electronic information
  • Patients getting reminders for preventive and follow-up care
  • Patients provided with specific education materials

For most health care organizations, the standards for HIPAA compliant messaging must go beyond e-mail; messages traveling outside of the organization’s intranet are not a secure means for transmitting patient health information. Privacy and security experts recommend using e-mail only to notify patients that new content is available on an online portal. This process keeps information secure, as the patient must complete the portal login and authentication process to gain secure access.

HIPAA compliant messaging includes text messaging from doctors to patients, e-mail from mobile devices, and the ability to support the attachment of images from mobile device cameras and .pdf files from desktop computers. To achieve this, health care organizations need to install and promote a fully compliant patient portal for Meaningful Use.

Of course, when implementing a patient portal, health care organizations must ensure that privacy and security safeguards are put in place. For example, there must be functionality that can confirm a patient accessing the portal is who they say they are, by way of unique user IDs and passwords, and potentially two-factor authentication (for example, a code sent to a cell phone must be entered, in addition to a password).

Patients should be educated on the appropriate use of their patient portal, the importance of safeguarding their log-in credentials, and securing any information they may download or print.

In addition to employing HIPAA compliant messaging, a patient portal should contain some level of customization and configurability, and should integrate seamlessly with EHR systems that providers already have in place.

Ideally, a patient portal for Meaningful Use also incorporates solutions such as automated reminder messages for appointments, results calls, and after-hours live operator support, with consistent, HIPAA compliant messaging ensured across the organization’s patient communication platform.
