E-mail and HIPAA
Email has been widely used by both business and the general public for much of the last twenty years, and reliance on it has found its way into the daily lives of millions. Recently, email has become even more accessible now that smartphones are commonplace. However, leave it to healthcare to throw a curve ball to this cozy relationship.
The fact is, HIPAA and email have long been at odds. Across the board, we are increasingly using, are considering using, or are being asked to use, email to communicate with residents about their medical conditions.
If you find yourself described here, then it bears repeating that the Internet, and anything sent over it, such as email, is not secure. Although it is unlikely, there is a possibility that information included in an email can be intercepted or accidentally delivered to, and read by, parties other than the person to whom it is addressed. And it’s that “possibility” that becomes the area of focus.
To summarize the rules that apply to HIPAA and email …
Email communications are permitted, but you must take precautions;
It is a good idea to warn residents about the risks of using email that includes resident health information (PHI);
Providers should be prepared to use email for certain communications, if requested by the resident, but must ensure they are not exposing information the resident does not want shared;
Providers must take steps to protect the integrity of information and protect information shared over open networks.
Be the expert on the topic of HIPAA-compliant email on behalf of your residents. This means making sure you have appropriate notices visible, both online and in the real world, warning residents about the potential security risks of transmitting protected health information (PHI) using email over the non-secure portion of the Internet.
Document the resident’s consent to receive communication by email. Don’t assume that because your resident sent...