If your office is providing Protected Health Information (PHI) via email, you have probably wondered whether you are HIPAA compliant. The Office for Civil Rights recently issued a clarification about email communications that include PHI.
This clarification stated that covered entities are allowed to send PHI with unsecure email. But, before you send unsecure PHI, you must:
- Explain the possible risks of using unsecure email
- Confirm the patient still wants their PHI sent via an unsecure email
The Digital Dental Record also recommends, although HIPAA does not require it, that your office obtain a notice in writing from your patient. This notice could include:
- The explanation of possible risks of using unsecure email
- Acknowledgement that the patient understands those risks
- The patient’s consent to use unsecure email
- The patient’s signature
Once those steps are taken, you can send your
patient’s PHI via unsecure email. But, your office still might want to consider
a secure email service, so you can communicate with other dental offices and/or
meet requests from patients who want their PHI sent securely.
If your office has any questions about secure
email, contact The Digital Dental Record at 800-243-4675. We are your resource
for HIPAA compliant business and technology solutions.