We have a MedicalSpa client that is looking to manage the flow of incoming prescription refills. I’ve looked into a ton of platforms, but they all send the prescription out to in-network pharmacies. Any ideas would be helpful.
His message to us: We are looking for a way to partially automate this refill process. Basically, this would involve interfacing with the patient, preferably at any hour and with a convenient method such as texting or using a chat mechanism on our website for the patient to make us aware that they need a refill and specifically what medication is needed (we only have a few). I would then fill the medication from stock in the office and the patient would be notified that their medication is ready to be picked up or shipped to them.
Currently we take a lot of phone calls and texts from patients to initiate fills and we’d love to offload this part of the process to save employee time. If it were possible to accept payment for the prescription at the time of ordering that would be a big bonus. When the medication is filled we make an estimate of when they will need a refill (this varies from patient to patient depending on current dosing) but we have no mechanism to reach out to the patient asking if they want a refill at the predicted time interval.
Sounds like you are getting into “Online Pharmacy” territory and that is heavily regulated in the United States (I’m assuming that’s where your client is as that’s where your company is).
Whatever solution you land on, it will have to be HIPAA compliant along with a whole host of other regulatory boxes that you’ll probably have to check.
Honestly I’d rather offload that kind of build to a service that specializes in handling all the regulatory and compliance stuff instead of trying to build my own…
We’re not actually looking to build something from scratch. Although, we have used the HIPAA compliance JotForm in the past.
I’m mainly curious how others have approached similar clients—what platforms or workflows have worked well for them in practice? Most MedSpas we’ve worked with don’t refill in-house.
I feel this is mostly a communication issue to reduce the calls to the staff.
Right, but any chat system selected will need to be HIPAA compliant as the customers will be providing medically protected information via that chat system… It’s not a situation where you could install and set up any old live chat widget from any provider…
I don’t have any recommendations but hopefully someone in the community might. Good luck with it. If you find something that meets regulatory requirements feel free to share what you landed on here as well.
It’s my understanding that we actually could use any old chat and stay HIPAA compliant, using a message like: “Hi Eric — you may be due for a refill. Please use the link below to request. Do not reply to this message.”
This alone doesn’t violate HIPAA. Having the name of the refill (“due for a testosterone refill”) or a link like www.example.com/testosterone-refill/ would violate HIPAA.
I’m hoping someone in the community has a client that has dealt with this before.
What EHR is your client using? As medical records need to be maintained even for a Medical Spa due to a patient-physician relationship. Maybe the EHR has an add-on that can direct to the Medical Spa’s website, similar to how US health systems use a public-facing Epic EHR portal login. What your client is describing probably needs to be tracked by the EHR to know when it is time for a refill, and then the EHR can be automated to send a HIPAA compliant e-mail and/or SMS link to the patient to log into the public-facing EHR of the medical spa.
@differentdan is Elements Hosting HIPAA compliant for the United States market?
@dropgates for example the LillyDirect website is hosted on AWS, which is HIPAA compliant for the following service platforms: Amazon EC2, S3, RDS, and Lambda. Elements Hosting would have to enter into a Business Associate Addendum before your client can store or process Protected Health Information (PHI).
Technically, the example you gave is not HIPAA compliant: you disclosed a name and you disclosed that they have a condition that requires a prescription. This is exactly the type of thing that HIPAA was designed to guard against.
The above example was the exact example our attorney gave us years ago when we started doing business in the MedSpa space. She cited that HHS has some pretty clear rules regarding communication reminders.