If your office is providing Protected Health Information (PHI) via email, you have probably questioned whether you are HIPAA compliant. Recently, the Office for Civil Rights issued a new clarification about email communications that include PHI.
This clarification stated that covered entities are allowed to send PHI by unsecure email. But before you send PHI by unsecure email, you must:
- Explain the possible risks of using unsecure email
- Confirm the patient still wants their PHI sent via an unsecure email
The Digital Dental Record also recommends, though HIPAA does not require it, that your office obtain a notice in writing from your patient. This notice could include:
- The explanation of possible risks of using unsecure email
- Acknowledgement that the patient understands those risks
- The patient’s consent to use unsecure email
- The patient’s signature
Once those steps are taken, you can send your patient’s PHI via unsecure email. But your office still might want to consider a secure email service, so that you can communicate with other dental offices and/or meet requests from patients who want their PHI sent securely.
If your office has any questions about secure email, contact The Digital Dental Record at 800-243-4675. We are your resource for HIPAA-compliant business and technology solutions.