Emailing PHI: considerations for developing best practices

PHI breaches that make the headlines often result from computer thefts or hacking. Another, less well-publicized vulnerability for PHI records, however, is electronic mail, which is arguably not a particularly secure form of communication. Over 100 billion emails were exchanged daily within the business community in 2013, and the number routinely exchanged within the healthcare industry is also enormous. Institutions and entities that work with PHI can consider some of the following issues and questions regarding email and PHI, either on a case-by-case basis or in developing broader policies:

  • Email is not what it used to be: with continuing changes in technology, communication methods that have until now been considered separate from email may now also be considered email. These include, for instance, telephone messages and faxes, which are now routinely delivered by email.
  • Is email the only or best way to transmit the PHI or is there another, more secure method?
  • Is disclosing the PHI really required in this instance, or is it possible to simply allude to the information within the PHI more generally?
  • The contracts governing interactions with business associates and other entities may themselves limit what is communicated and how.
  • Is encryption appropriate, and if so what is the best method?

See the full AHLA Connections article, “Tips and Tactics for Transmitting PHI by Email.”
