Can I use email with patients?

Provided by: Jennifer Kirschenbaum, Esq.

May 14, 2019

Question

Hi Jennifer,

Can I use email to communicate with patients? The patients give me their email addresses when they come in.

Thanks,
Dr. O

Answer

Yes, however, under the Security Rule (a part of HIPAA) each covered entity (inclusive of medical practices) is required to implement safeguards for electronic protected health information. The guidelines are not explicit in practical requirements because there is a spectrum of acceptable compliance. What we do know is all covered entities can use the internet for communications - its not prohibited - but all covered entities should engage in a risk assessment and implementation of physical, administrative and technical safeguards (which we will cover in a June 11 webinar, registration below).

To further confuse, the Office for Civil Rights offers this direction -

Does the Security Rule allow for sending electronic PHI (e-PHI) in an email or over the Internet? If so, what protections must be applied?

Answer:

The Security Rule does not expressly prohibit the use of email for sending e-PHI. However, the standards for access control (45 CFR § 164.312(a)), integrity (45 CFR § 164.312(c)(1)), and transmission security (45 CFR § 164.312(e)(1)) require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to e-PHI. The standard for transmission security (§ 164.312(e)) also includes addressable specifications for integrity controls and encryption. This means that the covered entity must assess its use of open networks, identify the available and appropriate means to protect e-PHI as it is transmitted, select a solution, and document the decision. The Security Rule allows for e-PHI to be sent over an electronic open network as long as it is adequately protected.

https://www.hhs.gov/hipaa/for-professionals/faq/2006/does-the-security-rule-allow-for-sending-electronic-phi-in-an-email/index.html

WEBINAR
Title

Conducting and Implementing Security Risk Assessment Recommendations

Date and Time

Tue, Jun 11, 2019 12:00 PM - 1:00 PM EDT

Description

Join Jennifer for a discussion on the Security Risk Assessment process and implementing practical recommended solutions.

Registration
https://attendee.gotowebinar.com/register/5693100083607960065

Ask us a question

Jennifer Kirschenbaum, Esq. Partner

Ask us your questions. We will help if we can & let you know before any charge is incurred.

Jennifer@kirschenbaumesq.com

Educational Webinars

A discussion on Market impact to practice

Preparing for PPP Forgiveness and Patient Care Impacts with Covid 19

Looking for the KK Healthcare Exchange? Click Here.

MISSED OUR RECENT WEBINARS? CLICK HERE ANYTIME!

Looking for HIPAA and compliance forms?
Click here to visit our website.

Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or at (516) 747-6700 x. 302.

Interested in having Jennifer speak at an event or
at a residency/fellowship program?
Contact Jennifer directly at (516) 747-6700 x. 302 or at Jennifer@Kirschenbaumesq.com

Click here to learn about
K&K's Prepaid Legal Audit/Investigation Defense Now!