How to Vet Patient Portal Companies Before You Decide

January 5, 2021 | By Wendy Bartlett

How to Vet Patient Portal Companies Before You Decide

The patient portal has become a mainstay in healthcare today. More than 90 percent of healthcare practices offer patient portal access to their patients, recognizing countless benefits—from increasing workflow efficiencies and improving transparency to empowering patients to take a more active role in their own care.

If you’re thinking about implementing a new patient portal and looking for a vendor to partner with,, there are certain considerations to keep in mind when evaluating potential partnerships. Here are criteria to follow when assessing potential technology partners::

Regulatory Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the primary law that federally protects health information, requiring providers, insurance companies, and clearinghouses to follow specific standards for how health information can be used and disclosed. When evaluating different vendors, look for a company that offers a HIPAA-complaint patient portal and takes the necessary steps to ensure information is kept safe to protect patients’ privacy at all costs.

Additionally, the patient portal company you choose to partner with should also adhere to Stage 2 Meaningful Use requirements set forth by the Centers for Medicare and Medicaid (CMS). Stage 2 Meaningful Use regulations include several core objectives, including rules around recording medication orders, submitting prescriptions electronically, implementing clinical decision support at the point of care, performing medication reconciliation, public health and clinical data registry reporting, and more.

Robust Security Protocols

It’s not enough to follow HIPAA privacy and security laws. Today, when the risk of data breaches is higher than ever before, healthcare organizations must take the proper precautions to protect against cybersecurity threats. This is particularly true for modern technologies, where data is stored in the cloud.  To prevent attacks on their servers and protect confidential patient data, patient portal companies should have robust security protocols in place. 

For example, although HIPAA does not require two-step authentication, many healthcare IT companies will choose to implement this practice for added protection.

[Infographic] Discover why a full suite of tools beyond the traditional patient  portal is necessary to truly drive engagement and satisfaction.

EHR Module Certification

The Office of the National Coordinator for Health IT (ONC) has authorized six different organizations to perform EHR module testing and certification. These companies, which are referred to as ONC-Authorized Certification Bodies (ONC-ACB), certify EHRs and EHR modules as capable of supporting providers’ efforts to meet the goals and objectives of meaningful use. 

When vetting potential patient portal companies, you can search the Certified HIT Product List (CHPL). During this review, you can determine whether the company you’re considering is certified, if they’ve maintained certification  over time.

Proven Track Record

Consider the company’s track record: Have they been successful partners for other healthcare organizations and EHR vendors? If so, do they have the  testimonials to prove it? Any established, reputable patient portal company will have the satisfied clients to back up their claims—and they shouldn’t be afraid to refer you to said clients  to verify what they’ve said is  true.

Patient-Centric Mission

Does the patient portal company you’re looking into have a mission that ultimately has patients’ best interests in mind? At the heart of the patient portal is the idea that modern healthcare consumers should have convenient, anytime access to their own health data. Not only does this aim to improve both cost and care transparency, but also to encourage patients to take an active role in their own healthcare decisions.

Choosing a Patient Portal Partner You Can Trust

These are just some of the criteria to keep in mind when vetting potential technology partners for your healthcare practice or EHR. With that said, you should also trust your instincts in addition to doing your due diligence. If the patient portal vendor you’re considering doesn’t seem to have your company’s best interests in mind—let alone the patients’ best interests—don’t settle. Keep searching until you find a patient portal partner that you can trust to do the right thing by you, providers, and patients alike.

Why Patient Engagement Requires a Platform