How Providers Can Send HIPAA-safe E-mail to Patients Now!

Are you using unencrypted e-mail to communicate with patients?  Since the HITECH Act went into effect September 23, 2013, have the rules about e-mail changed?  You might be surprised to learn that you can still use unsecured e-mail to communicate with patients about their protected health information as long as you use reasonable safeguards.

“The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so. See 45 C.F.R. § 164.530(c).

For example, certain precautions may need to be taken when using e-mail to avoid unintentional disclosures, such as checking the e-mail address for accuracy before sending, or sending an e-mail alert to the patient for address confirmation prior to sending the message.

Further, while the Privacy Rule does not prohibit the use of unencrypted e-mail for treatment-related communications between health care providers and patients, other safeguards should be applied to reasonably protect privacy, such as limiting the amount or type of information disclosed through the unencrypted e-mail….

Patients may initiate communications with a provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual. If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications.”

FAQs Federal Health Information Privacy

Your office should have an e-mail policy for patients.  Consider whether it would be helpful for your office to send patients appointment reminders and health forms via e-mail?  You should also offer patient’s the option of opting out of e-mail communication.  You should always notify the patient of the risks of sharing protected health information over the internet.

Many patients will appreciate your willingness to use e-mail.  E-mail allows your office to quickly get the information to the patient without delay or having to pay for postage.  If  you plan on using e-mail, your front desk should always check with the patient to determine what their current e-mail address is and whether it has changed.

The patient has the right to request that only certain information be communicated via e-mail.  You must have a procedure that informs the healthcare provider what information the patient does not want to be communicated via e-mail.

Your office also might consider an encrypted e-mail system such as secure messaging.  Many hospital systems and large providers are using encrypted e-mail.  By encrypting the e-mail, you will be certain that the information gets to the correct person and it is not tampered with over the internet.

Do you have questions about health care issues? Suggestions? Tips to help your colleagues? We love to hear from you. Simply press the comment button below.

Get “News You Can Use” delivered directly to your e-mail inbox.  Click here to Subscribe.

Related Posts


Recent Posts

Getting Remarried? Here’s What You Need to Know
March 21, 2024
What is the Biggest Threat to Healthcare?
January 30, 2024
How Can I Simplify Estate Planning?
January 11, 2024
I Have a Trust. Now What?
December 7, 2023
Breaking: Corewell Health Breach
December 5, 2023


Subscribe to Our Newsletter

Subscribe and get your FREE copy of Easy Guide to HIPAA Risk Assessments

An essential tool for all healthcare providers, Easy Guide to HIPAA Risk Assessments breaks down the requirements of HIPAA so you can successfully complete your required risk assessment. (an $8.99 value)

Thank you for subscribing to the Rickard & Associates healthcare blog. You'll receive a confirmation email shortly. After verifying your subscription request, you'll be sent to the "Easy Guide to HIPAA Risk Assessments" download page.