How to Send Safe Email to Patients

Are you using unencrypted e-mail to communicate with patients?  Since the HITECH Act went into effect in the fall of 2013, the rules about e-mail have changed.  Healthcare providers must use reasonable precautions to use e-mail to communicate with patients.

“The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so. See 45 C.F.R. § 164.530(c).

Certain precautions may need to be taken when using e-mail to avoid unintentional disclosures, such as:

  1. checking the e-mail address for accuracy before sending, or
  2. sending an e-mail alert to the patient for address confirmation prior to sending the message; or
  3. limiting the amount or type of information disclosed in unencrypted email.

Patients may initiate communications with a provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual. If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications.”

FAQs Federal Health Information Privacy

Your office should have an e-mail policy for patients.  Consider whether it would be helpful for your office to send patients appointment reminders and health forms via e-mail?  You should also offer patient’s the option of opting out of e-mail communication.  You should always notify the patient of the risks of sharing protected health information over the internet.

Many patients will appreciate your willingness to use e-mail.  E-mail allows your office to quickly get the information to the patient without delay or having to pay for postage.  If  you plan on using e-mail, your front desk should always check with the patient to determine what their current e-mail address is and whether it has changed.

The patient has the right to request that only certain information be communicated via e-mail.  You must have a procedure that informs the healthcare provider what information the patient does not want to be communicated via e-mail.

Your office also might consider an encrypted e-mail system such as secure messaging.  Many hospital systems and large providers are using encrypted e-mail.  By encrypting the e-mail, you will be certain that the information gets to the correct person and it is not tampered with over the internet.

Do you need assistance with drafting your HIPAA policies?  We can help.  CLICK HERE

Get “News You Can Use” delivered directly to your email inbox.  

Related Posts

Categories

Recent Posts

Who Pays Attorney Fees?
June 30, 2022
Does Facebook have your PHI?
June 28, 2022
How to Protect Your Business from Cybercrime
June 23, 2022
Are You Continuing to Offer Telehealth?
June 21, 2022
Employee or Independent Contractor?
June 16, 2022

Subscribe

Enter your email to subscribe now and receive your FREE HIPAA Risk Assessment book!

An essential tool for all healthcare providers, Easy Guide to HIPAA Risk Assessments breaks down the requirements of HIPAA so you can successfully complete your required risk assessment.

 

Get it now for FREE (an $8.99 value!)

One more step! Please check your email to confirm your subscription and receive your FREE book!