On January 10, 2025, U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra declared a Public Health Emergency (PHE) in California due to the devastating wildfires in Los Angeles County.
While the declaration allows healthcare providers greater flexibility in meeting the emergency health needs of Medicare and Medicaid beneficiaries, providers must still safeguard individuals’ protected health information (PHI).
Why HIPAA compliance matters in emergencies
The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect PHI. While HHS has temporarily waived certain HIPAA sanctions during the emergency, these waivers are limited. Healthcare providers must continue to secure PHI, especially when communicating through digital platforms like email.
Why providers must use HIPAA compliant emails
Secure communication
During disasters, healthcare providers must share critical patient data quickly. HIPAA compliant email solutions, like Paubox, use advanced encryption to protect PHI, reducing the risk of data breaches.
Coordinated response across agencies
Agencies like the Administration for Strategic Preparedness and Response (ASPR), local hospitals, and volunteer organizations (e.g., the Long Beach Medical Reserve Corps) must collaborate. Secure email solutions help these organizations maintain real-time communication without violating privacy laws.
Legal compliance
Even during emergencies, HIPAA regulations still apply to many aspects of healthcare operations. Using compliant emails helps healthcare organizations meet their legal responsibilities, even after temporary waivers expire.
Maintaining patient trust
Patients affected by disasters rely on healthcare providers for medical care and the security of their personal information. So, protecting PHI through secure communication solutions can help strengthen public trust in healthcare institutions.
What makes an email solution HIPAA compliant?
- Business associate agreements (BAAs): HIPAA compliant email solutions must sign a BAA, acknowledging their responsibility in protecting PHI.
- Encryption: Paubox email uses TLS encryption to protect emails in transit and at rest, so only authorized recipients can access the content.
- Access controls: HIPAA compliant email solutions must offer access controls so healthcare organizations can limit PHI access to authorized staff only.
- Audit trails: Healthcare organizations must track who accessed or sent PHI to maintain accountability.
Using secure emails during the California wildfire emergency
Coordinating patient evacuations between hospitals
As wildfires threaten hospital facilities in Los Angeles County, administrators need to transfer patients to safer locations. They can use HIPAA compliant emails to send patient transfer summaries, including medical histories, current medications, and treatment plans to receiving hospitals.
These emails facilitate care transitions and help providers minimize treatment delays during evacuations.
Communicating with mobile medical units and volunteer responders
HIPAA compliant email can also help support mobile medical units and volunteer responders, especially when medical teams from the Long Beach Medical Reserve Corps require up-to-date treatment protocols and supply coordination.
Secure email can distribute medical guidelines, share secure links to patient documentation forms, and coordinate medical supply delivery. These emails help keep responders informed and equipped to provide care without risking patient privacy.
Notifying patients about service disruptions and care options
Healthcare facilities can also use HIPAA compliant email to notify patients about service disruptions.
For instance, if a dialysis center must close due to wildfire damage, administrators can securely email patients about alternative treatment locations. These messages can include details about nearby facilities, contact information for scheduling appointments, and transportation options.
Sharing emergency health resources with partner agencies
During the wildfire emergency, the Centers for Disease Control and Prevention (CDC) could use HIPAA compliant emails to share specialized medical protocols for treating burn injuries and smoke inhalation with local hospitals.
These emails allow these agencies to send training materials, digital toolkits, and contact information for specialized response teams directly to healthcare providers while safeguarding patient privacy.
Coordinating mental health support services
Since Californian residents affected by the wildfires might experience emotional distress, mental health providers can use HIPAA compliant emails to send patient referrals and patient assessments.
Additionally, healthcare teams can use secure email to arrange virtual counseling sessions and share resources with patients needing immediate psychological support.
Go deeper: Ways therapists can use personalized HIPAA compliant emails
FAQs
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information (PHI).
HIPAA mandates that healthcare providers, insurers, business associates, and some federal agencies safeguard patients' PHI during transit and at rest.
Can HIPAA compliant emails include attachments?
Yes, providers can send attachments, like PDFs and documents, using a HIPAA compliant emailing platform, like Paubox, which automatically encrypts emails and their attachments.
What types of information are protected under HIPAA?
HIPAA protects all individually identifiable health information held or transmitted by covered entities or their business associates, including mental health records.
