Paubox blog: HIPAA compliant email made easy

How to write emails to patients that include PHI

Written by Anne-Marie Sullivan | December 28, 2022

Sending HIPAA compliant emails is integral to communication between healthcare professionals and patients. However, when sending emails containing protected health information (PHI), healthcare organizations should take extra care to prioritize patient privacy and adhere to HIPAA regulations. The guidelines below cover how to write secure, HIPAA compliant emails to patients that include PHI.

 

Obtain patient consent

Healthcare professionals must obtain explicit patient consent to communicate via email and include PHI. This consent should be documented to establish a framework for secure email communication and serve as a reference point in the future.

 

Secure email systems

Use a secure email platform that complies with HIPAA standards. These platforms employ encryption techniques to protect sensitive information during transmission, ensuring the privacy and security of PHI.

 

Be personal and respectful

To establish a positive and professional tone, begin the email with a personalized salutation such as "Dear [Patient's Name]" or "Hello [Patient's Name]." This personal touch helps create a connection with the patient and sets the stage for effective communication.

 

Be concise and specific

When writing emails, clarity and brevity are key. Clearly state the purpose of the email upfront and be specific in your communication. Patients appreciate emails that get to the point without unnecessary details. Provide the required information in a concise and easily understandable manner, avoiding medical jargon whenever possible.

 

Language and jargon

Using patient-friendly language is crucial to ensure comprehension. Avoid complex medical terminology and jargon that patients may not understand. If specific terms or concepts need to be included, provide simple explanations to enhance clarity and foster patient engagement.

 

Double-check recipient information  

Before sending any email, verify that you have selected the correct recipient. Accidental email misdelivery can result in HIPAA privacy breaches. Take the time to review the recipient's email address to ensure it is accurate and corresponds to the intended patient.

 

Limit PHI

Only include the minimum necessary PHI required for the purpose of the email. Avoid excessive personal details or sensitive information irrelevant to the patient's query or care. Assess the content and ensure you provide information directly pertinent to the patient's needs. 

 

Subject line best practices

Craft a subject line that is brief, clear, and devoid of any sensitive information. The subject line should convey the purpose of the email without revealing PHI. Examples include "Important Update from [Medical Practice Name]" or "Regarding Your Upcoming Appointment."

 

Handling attachments

When attaching files that contain PHI, take extra precautions to protect patient privacy. Use a HIPAA compliant email service that encrypts attachments. This ensures that only authorized recipients can access the sensitive information.

 

Proofread and review the email

Before sending the email, proofread it for spelling, grammar, and any potential PHI mistakes. Verify that you have correctly addressed the patient and included all necessary information. A careful review reduces the chances of errors and enhances the professionalism of your communication.

 

Include a professional sign-off

End the email with a professional closing, such as "Sincerely," followed by your name, designation, and contact information. This allows patients to quickly reach out to you for further assistance or clarification, fostering open lines of communication.

 

Ten tips for writing meaningful emails to patients that include PHI

Writing emails to patients that include PHI requires a meticulous approach to safeguard patient privacy and comply with HIPAA regulations. By obtaining patient consent, utilizing secure email systems, practicing clear and concise communication, and following best practices, healthcare professionals can effectively communicate while maintaining the security and privacy of PHI.

  1. Write a clear and concise subject line to help patients understand what the email is about.
  2. Use a professional and friendly tone in your email to establish trust and create a positive relationship with the patient.
  3. Use the patient's name and any relevant information you have about them to make the email feel more personal. Ensure any PHI is encrypted and secured.
  4. Be specific about what you are asking the patient to do. Provide clear instructions on how they can take action.
  5. Use bullet points or numbered lists to make it easy for the patient to read and understand your email.
  6. End your email with a call to action, such as asking the patient to call or email you with any questions or concerns.
  7. Before sending the email, proofread it for spelling and grammar errors.
  8. Encrypting emails ensures that only the intended recipient can access the contents of the message. This is especially important when sending PHI through email.
  9. Include a disclaimer in the email reminding the recipient to keep the information confidential.
  10. Include the appropriate opt-ins, including the CAN-SPAM Act opt-in, and make sure you have the patient's consent.

By following these steps, you can write meaningful emails that include PHI to patients.