Assuming you trust HHS, check out:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/safeguards.pdf

It says, in part: "The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so. ... Patients may initiate communications with a provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual. If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications."
We include the following as part of the "signature" on all emails: "Please be aware that email communication can be intercepted in transmission or misdirected. Your use of email to communicate protected health information to us indicates that you acknowledge and accept the possible risks associated with such communication. Please consider communicating any sensitive information by telephone, fax or mail. If you do not wish to have your information sent by email, please contact the sender immediately."