A face sheet, also known as a cover sheet or demographic sheet, is a document that contains a summary of a patient's personal and demographic information.
In this post, we'll answer the question, "Can I email a face sheet and be HIPAA compliant?"
Face sheets, or demographic sheets, typically include the patient's name, address, date of birth, insurance information, and emergency contact information. They may also include information about the patient's medical history, current medications, and allergies.
Face sheets are often used in hospitals and clinics to provide quick access to a patient's information for healthcare providers.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information, otherwise known as protected health information (PHI).
As we’ve previously discussed, HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.
At a high level, here’s what to look for in a HIPAA compliant email solution:
For example, Google Workspace and Microsoft 365 are popular cloud-based email service providers that are willing to sign BAAs. Their out-of-the-box encryption solutions, however, are widely regarded as either non-existent or incredibly cumbersome.
Solutions like Paubox Email Suite can integrate seamlessly with these providers, without the need for customers to change their email addresses, download an app, or even alter the way email is sent.
The simple answer here is yes, as long as you choose a HIPAA compliant email solution that encrypts your email data as it travels across the internet (in transit), encrypts your email at rest (i.e., your mailbox), and is able to sign a BAA with your organization.
It should be noted that it's common to select an email service provider like Google or Microsoft to handle the hosting of the email (encryption at rest) and to choose another provider to handle the email encryption component (encryption in transit).
Bonus points if your email encryption provider(s) are able to provide HITRUST CSF certification, like Paubox.