The HIPAA Privacy Rule permits healthcare providers to discuss health issues and treatment plans with patients via email, provided they apply reasonable safeguards to protect patient privacy when doing so.
Here’s what HHS wants you to know about conducting discussions electronically and why HIPAA compliant email is key to keeping all sensitive information secure.
Before communicating with a patient through email, HHS recommends certain precautions to reduce the chance of unintended disclosures. These may include double-checking the email address for accuracy before sending, or asking the patient to confirm their address ahead of time.
Although using unencrypted email for treatment-related discussions is not prohibited, healthcare providers should be taking steps to safeguard patient data. One way to do this is limiting the total amount or type of information included in the unencrypted message.
Additionally, covered entities must ensure that any electronic protected health information (ePHI) transmitted by email is protected by the administrative, physical, and technical safeguards the HIPAA Security Rule requires.
What rights do individuals have under the Privacy Rule?
The Privacy Rule gives individuals the right to request that their healthcare provider communicate with them by an alternative means or at an alternative location. For instance, an individual may ask to receive appointment reminders via email rather than by postcard. Under HIPAA, the provider must accommodate such a request if it is reasonable.
On the flip side, a patient may consider unencrypted email unacceptable and seek a more confidential discussion. The provider should then offer another form of communication, such as physical mail, telephone, or encrypted email with Paubox Email Suite.
Can patients initiate email communications with a provider?
According to the Privacy Rule, patients are permitted to open a conversation with a healthcare provider via email. In this situation, the provider can assume that the individual finds email to be a suitable method of communication unless they have explicitly stated otherwise.
If the healthcare provider believes a patient may not be aware of the risks of using unencrypted email, or has other concerns about liability, it is appropriate to inform the individual of those risks. It is then up to the patient to decide whether to continue exchanging information by email.
How Paubox can help
To ensure that you are keeping each patient correspondence as protected as possible, strengthening your email security is the best plan of action.
Designed to conveniently integrate with your existing email platform, Paubox Email Suite sends HIPAA compliant email by default by automatically encrypting every outbound communication. This removes the stress of choosing which emails to encrypt and allows your patients to receive your emails directly in their inbox without needing to navigate any additional passwords or portals.
Paubox’s Plus and Premium plan levels also include inbound email security tools that proactively defend your data against threats. Our patent-pending Zero Trust Email feature requires an additional identity verification step to confirm an email’s legitimacy, while ExecProtect identifies and blocks display name spoofing attempts.