The Division of Vocational Rehabilitation (DVR) helps individuals with disabilities attain, retain, and advance in employment. Their work often requires handling sensitive medical information, especially when working with healthcare providers, employers, and clients.
To protect the privacy and security of this information and prevent potential data breaches, the DVR must use HIPAA compliant emails.
Should the DVR be HIPAA compliant?
While the DVR is not technically classified as a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), using HIPAA compliant communication methods will safeguard individuals’ protected health information (PHI).
HIPAA compliant email solutions, like Paubox, use advanced security measures, including TLS encryption and access controls, to keep client data secure, even if it’s not a legal obligation.
How using HIPAA compliant email pays off
Better data security
HIPAA compliant email protects sensitive client information, like medical records or employment accommodations. It also reduces the risk of unauthorized access that comes with standard email systems.
Access controls
Email solutions, like Paubox, allow the DVR to restrict access to sensitive client data, so only authorized individuals, including healthcare providers, counselors, and employers, can view the information directly in their inboxes while blocking unauthorized access by hackers.
Increases trust
HIPAA compliance improves public trust. When the DVR uses HIPAA compliant emails, it shows a commitment to the client’s data privacy and security. For instance, discussing the client’s medical condition and workplace accommodations via secure email can help the client rest assured that their data will be kept confidential.
Upholds privacy laws
Although the DVR is not a covered entity per HIPAA regulations, secure email services help the DVR follow best practices in data protection. They can also improve privacy law compliance, especially when the DVR collaborates with third-party entities like healthcare providers.
Example scenarios of how the DVR can use HIPAA compliant email
Suppose a client needs an ergonomic chair because they injured their back. In such a case, the DVR must correspond with a healthcare provider to validate the medical basis for these accommodations.
If this information is sent using a regular email system, the client’s PHI could be breached, violating privacy laws like the Americans with Disabilities Act (ADA). Instead, using HIPAA compliant emails helps the DVR uphold these regulations.
Furthermore, disclosing the medical information must be justified, necessary, and authorized by the client. As Tracie DeFreitas, Director of Training and Outreach at Job Accommodation Network (JAN), states, employers must ensure that the employee “signs the HIPAA authorization form... evidencing express consent for the healthcare provider to disclose the individual’s private medical information.”
The principle also applies to the DVR when verifying a client's medical needs for accommodations. Before contacting a healthcare provider, the DVR can securely email a HIPAA authorization form, so the patient can sign electronically and the DVR can obtain their consent.
Ultimately, this process protects the client's privacy and reduces the DVR's risk of potential violations.
FAQs
What happens if health information is compromised in an email?
If an individual’s health information is compromised via email, it could result in legal consequences, fines, and damage to the provider's reputation. Additionally, patients can suffer from identity theft or other privacy breaches.
Are standard emails secure for discussing sensitive healthcare information?
No, standard emails do not provide the necessary encryption to protect sensitive healthcare information from potential data breaches. However, using a HIPAA compliant email platform, like Paubox, safeguards protected health information (PHI) during transmission and at rest.
Can individuals with physical disabilities use HIPAA compliant emails?
Yes, HIPAA compliant emails can be tailored to accommodate different needs and abilities, using features like screen readers and alternative text to improve accessibility.