Paubox blog: HIPAA compliant email made easy

HIPAA compliant emails to address the opioid crisis

Written by Caitlin Anthoney | May 28, 2024

Providers can use HIPAA compliant emails to address the ongoing opioid crisis, enhancing patient care while protecting patient privacy, ultimately contributing to more effective management of opioid use disorders.

 

Addressing the opioid crisis

The opioid crisis continues to devastate communities across the United States. According to the HHS drug overdose death rates, “Nearly 108,000 persons in the U.S. died from drug-involved overdose in 2022, including from illicit or prescription drugs.” Furthermore, “Increased prescription of opioid medications like oxycodone and hydrocodone led to widespread misuse of both prescription and non-prescription opioids,” explains the National Opioids Crisis: Help and Resources.

So, addressing the opioid crisis requires a multifaceted approach that includes education on safe prescribing practices for healthcare providers as well as increased access to addiction treatment and recovery services. 

 

Mandatory education

The Consolidated Appropriations Act of 2023 requires all Drug Enforcement Administration (DEA)-registered practitioners, except veterinarians, to complete eight hours of training on the treatment and management of patients with OUD.

According to the American Medical Association’s Educational Hub, “Many U.S. states already require physicians and other medical professionals to complete [continued medical education] hours on safer prescribing of opioids. [So,] this new requirement asks physicians to have additional education on the treatment and management of patients with opioid or other substance use disorders.”

Specifically, the eight-hour training includes:

  • Basics of safe opioid prescribing and management
  • Basics of addiction treatment
  • Management of addiction in special populations
  • Opioids and fatalities: prevention and management
  • Addiction beyond opioids

Provider organizations can email staff information about the training requirements, reminders, and follow-up emails to ensure timely completion of the eight-hour training program. Additionally, sharing updates on OUD treatment and management could help staff stay informed about evolving best practices.

Providers can use email to seek clarification on complex concepts, engage in discussions, and share case studies. However, they must ensure that emails containing protected health information (PHI) are HIPAA compliant.

 

What does HIPAA say?

Providers should respond to the opioid crisis by prioritizing patient care while ensuring HIPAA compliance. The HHS provides clarity on how HIPAA allows doctors to respond to the opioid crisis, by explaining that:

  • Patients with decision-making capacity must be allowed to agree or object to sharing their health information with family, friends, and others involved in their care or payment for care.
  • Decision-making capacity can be temporary and situational, not necessarily requiring the appointment of another decision-maker by law.
  • HIPAA grants a patient’s personal representative the right to request and obtain any information about the patient, including a complete medical record.
  • Personal representatives are individuals with health care decision-making authority for the patient under state law, which can be established through various means such as parental relationships, written directives, health care power of attorney, appointment of a guardian, or determination of incompetency.

However, the HHS also states that “HIPAA allows health care professionals to disclose some health information without a patient’s permission under certain circumstances”, including: 

  • Sharing health information with family and close friends is permitted if it's in the best interest of an incapacitated or unconscious patient, as determined by the provider.
  • Informing relevant individuals to prevent or reduce serious and imminent threats to a patient’s health or safety is necessary.

 

How HIPAA compliant emails can help

Providers can use HIPAA compliant emails to address the nuances outlined in these regulations. Firstly, when sharing health information with family and friends involved in a patient's care, email communication must ensure strict adherence to HIPAA standards, safeguarding the patient's PHI. 

HIPAA compliant emails can also facilitate communication when relevant individuals need to be informed about threats to a patient's health or safety. However, such communication must be done discreetly, reducing the risk of unnecessary PHI exposure. According to HIPAA’s minimum necessary standard, only pertinent information should be included for the recipient to fulfill their role in the patient's care.

For patients with decision-making capacity, HIPAA compliant emails should include clear opt-in/opt-out options, allowing patients to express their preferences when sharing their health information with family, friends, or other caregivers. Patients should also be informed of the potential risks of sharing their health information, as HIPAA respects individual autonomy.

Furthermore, providers must use a HIPAA compliant platform, like Paubox, when communicating with personal representatives authorized to access a patient's health information. These platforms protect patient privacy through advanced security measures like encryption and two-factor authentication, which verifies the recipient's identity to prevent unauthorized access.

 

Creating HIPAA compliant emails

Avoiding stigmatizing language 

One of the challenges in treating opioid use disorders (OUD) is the stigma associated with seeking help. 

More specifically, a narrative review on addressing bias and stigma in the language we use in OUD explains that “Stigmatizing language is dehumanizing and plays a pivotal role in bias and discrimination that may contribute to unsatisfactory treatment outcomes among persons with OUD. Health care professionals... must assume an intentional stance against stigma perpetuated toward persons with OUD through advocacy in education, practice, policy, and the media.”

The narrative review also states that several studies found that the words ‘addict,’ ‘abuser,’ and ‘junkie’ maintain negative connotations among stakeholders and should be avoided, whereas the person-first phrases, ‘person with a SUD’ or ‘person in recovery,’ are more appropriate to reduce stigma.”

Provider emails should be mindful of the language used to promote a respectful approach toward individuals with OUD. This includes using person-first language and avoiding stigmatizing terms when communicating with patients or discussing OUD.

 

Creating a supportive environment

Providers can personalize their HIPAA compliant emails using compassionate communication strategies to promote a more supportive environment for individuals seeking treatment. These emails should be supportive and non-judgmental.

For example, a provider can send a follow-up email stating: 

“I wanted to check in on your progress and see how you’re feeling after our last appointment. Remember, if you have any questions or concerns about your medication or the treatment plan, please don’t hesitate to reach out. We’re here to support you every step of the way. Your commitment to your recovery is commendable, and I’m here to help you through this journey. Looking forward to seeing you at your next appointment.”

 

Supporting family and caregiver involvement

study on the impact of substance use disorders on families and children states that “Treating the individual without family involvement may limit the effectiveness of treatment for two main reasons: it ignores the devastating impact of [OUDs] on the family system leaving family members untreated, and it does not recognize the family as a potential system of support for change.”

Providers can use HIPAA compliant emails to facilitate secure communication between providers and family members, ensuring that everyone involved in the patient’s care is informed and prepared to offer the necessary support. These can include sending treatment progress updates, appointment reminders, and educational materials about managing OUD.

 

Overdose response

Providers can use HIPAA compliant emails to share patient information quickly and securely to coordinate care, especially in emergencies like overdoses. Providers can send information to caregivers with step-by-step guides on how to recognize signs of an opioid overdose (pinpoint pupils, unconsciousness, and slow or stopped breathing).  

Additionally, providers can send detailed instructions with educational videos on how caregivers can administer Narcan (naloxone) to counter fatal overdoses. These videos include detailed instructions on the dosage, the administration process, and safety precautions. The provider can then include a list of local pharmacies where Narcan can be obtained without a prescription, ensuring caregivers know where to access the medication quickly if needed.

HIPAA compliant emails also allow different providers to exchange information about patient history, current medications, and treatment plans, ensuring that all healthcare team members are on the same page.

More specifically, providers securely send details like medical history and allergies to first responders, streamlining communication during emergencies, especially if the patient cannot communicate their medical needs.

Read also: Using HIPAA compliant forms in emergency medical services (EMS)

 

Promoting proper opioid disposal

Research on family member opioid prescriptions and opioid use disorder suggests that “The risk of opioid prescribing can extend beyond individuals who were prescribed a drug and could potentially impact their family members.” 

Where individuals have a higher chance of having an OUD “when a family member had an opioid prescription.” So, “prescribers, pharmacists, and other health care professionals who care for patients should take significant steps to alert individuals about the importance of safeguarding their prescriptions and properly disposing of unused pills.”

Healthcare providers can use HIPAA compliant emails to educate both patients and their families about the potential risks associated with opioid use. For example, providers can email information on the dangers of sharing medications, safe storage practices, and how to properly dispose of unused opioids, preventing misuse by other household members.

 

Patient feedback

Providers can email patients, asking them about medication usage patterns, storage practices, medication accessibility to other household members, and any instances of shared medications.

They can then use the feedback to identify patients and families who may benefit from additional education, resources, or interventions like safe storage solutions or access to naloxone (Narcan) for emergency situations. The responses can also guide personalized advice and support, to help reduce the risk of opioid misuse.

For example, if the patient lives with young children, the provider can send them a personalized HIPAA compliant email with tips on how to talk to children about medication safety in an age-appropriate manner.

Additionally, providers can use HIPAA compliant forms, like Paubox forms, to streamline the collection of patient information and preferences for follow-up care.

 

Health advocacy

Providers can use HIPAA compliant emails to send resourcesand support services tailored to individual patient needs. These personalized emails can effectively support health advocacy, particularly in advocating for the needs and rights of patients prescribed opioids and their families. 

Furthermore, HIPAA compliant emails ensure that sensitive health information remains secure while delivering personalized advocacy resources directly to patients, helping them advocate for their health. Ultimately, providers can use HIPAA compliant emails to help patients access appropriate care, navigate healthcare systems, and protect their rights.

For example, an email focused on health advocacy could include:

  • Patient rights information: Providers can send OUD patients detailed information on patients' rights regarding opioid prescriptions, pain management, access to care, and informed consent.
  • Advocacy resources: HIPAA compliant emails can include secure links to advocacy groups that work on behalf of patients with chronic pain or OUD. 
  • Legislative updates: These emails can include information on recent laws affecting opioid prescriptions and pain management. More specifically, providers can explain how these changes impact patient care and what actions patients can take to advocate for their health rights.
  • Community engagement: Providers can encourage patients and their families to participate in community events, support groups, and advocacy initiatives. 
  • Educational content: HIPAA compliant emails can inform patients about webinars, articles, and workshops on effective self-advocacy techniques. Topics could include how to communicate effectively with healthcare providers, understand treatment options, and navigate the healthcare system.
  • Supportive services: Providers can email information about available supportive services, like health-related legal aid, healthcare advocates, and case management services to help patients access comprehensive care.

Go deeper: Using email and text messaging in health advocacy

 

FAQs

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information (PHI). HIPAA mandates that healthcare providers, insurers, and their business associates safeguard patients’ PHI during transit and at rest.

 

What makes an email HIPAA compliant?

An email is HIPAA compliant when it meets the HIPAA requirements for protecting sensitive patient information. HIPAA compliant platforms, like Paubox, use encryption and access controls, maintain audit trails, and secure stored emails, preventing unauthorized access or breaches.

Additionally, Paubox signs a business associate agreement (BAA) with the healthcare entity to ensure HIPAA compliance.

 

Can family members be informed about a patient’s treatment via HIPAA compliant email?

Yes, if the patient consents, providers can use HIPAA compliant emails to share relevant information with designated family members.