I remember before HIPAA, I used to walk down the streets yelling out the diagnoses of my patients. No, I actually didn't. It was this little thing called violating patient confidentiality. This whole HIPAA thing makes it sound like before HIPAA, there was no privacy. Don't get me wrong, I know you have to follow HIPAA, but I am so sick of it. The actual thing stands for Health Insurance Portability Act, and I have no idea how all this patient confidentiality stuff got in there.
There is a section in there, though, that tells you how to use regular non-encrypted email and be HIPAA compliant. But, it is a little cumbersome. It is somewhat like DHCP for those who are network computer savvy. You know, the computer comes on and doesn't have an IP and then asks the DHCP server if he can please have an IP and then the DHCP server say, "Hi client, do you really need an IP, and the client says yes, and the DHCP server says, OK, here is 192.168.0.14. This is actually true. But, it all happens in about 0.5 seconds.
But getting back to the email thing. There is something in there where the patient emails you. You then email them telling them that this is non-secure email and do you agree to allow me to email you in a non-secure, non-HIPAA compliant fashion in case the HIPAA police are around. Then, they reply to that and say yes, and you have this email trail. But, it is weird, because somehow it has to be in that order. I kind of forget.
But, there is
www.certifiedmail.com that works rather well. But, not free, obviously.
I also think it is all about intent. I have patients email me all the time. And, I email them back. As long as I use the reply button, I am in pretty good shape.
