Provided by: Jennifer Kirschenbaum, Esq.
May 1, 2014



Thanks for providing all of the recent updates on HIPAA.  Scary stuff!  I work as a healthcare provider (nutritionist) in a large corporate environment and was wondering if I have any personal exposure by emailing with my patients. 

Really appreciate advice!



K, thanks for asking such an important question.  An easy default position for many is to dismiss HIPAA exposure as the "employers" responsibility.  Not so.  HIPAA applies to all "covered entities" which by definition applies to "health care providers" - anyone who regularly bills for health care services - “preventive, diagnostic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual or that affects the structure or function of the body.”  By broad definition, most practitioners of varying licensure designation would qualify. 

So, to answer the question posed - personal exposure could extend or would extend to the individual.  However, the potential for exposure does not mean you cannot or should not email with patients.   HIPAA does not prohibit communication by e-mail, but you do have to be informed of required safeguards as discussed in greater detail in Tuesday's email.  In addition, I recommend receiving written consent from each patient and confirmation from the patient you have the proper email address prior to engaging.  Specific to email, be careful - do not make the mistake of treating email as the "less casual" method of communication.  Email, once sent, cannot be unsent and can always be recovered. 
Jennifer Kirschenbaum, Esq., healthcare, doctor, physician, regulatory compliance, transactional, audit defense, licensure, litigation and general practice management matters,


KIRSCHENBAUM & KIRSCHENBAUM, P.C. l 200 Garden City Plz, Garden City, NY 11530
(516) 747-6700 (P) l (516) 747-6781 (F) l