Email is such a prevalent form of communication in the medical office today that we must be careful not to violate HIPAA laws. Many people use email as their main source of communication, even within the same office. In our billing office we very often send emails to each other, even if we sit in close proximity. It is simply more convenient. Often one of my workers will say to me “can you please do ….” or “Dr. xxx needs ….”. Most times I respond with “send me an email.” It is easier for me to make sure it gets done if I have something in writing. If someone mentions it to me while I am in the office, it may be long gone before I get back to my desk.
Most people do not have secure email. If you are not using secure email, it is crucial that you do not include any PHI in your communication. So is it necessary to always use secure email? Not necessarily. It is just important that you do not include PHI in the email. When we communicate with a provider and it is necessary to mention a patient, we use some sort of code, such as an internal chart number or just a couple of initials of the patient’s name. A good question to ask is “if someone were to intercept this email, would they be able to identify who I am talking about?” If the answer is no, you should be OK.
Here is an example of an unacceptable email:
“Mary Johnson came in today to get the results of her pap smear. I told her you needed to speak to her about the abnormal results. Please call her at her home number in the PM system.”
Here would be an OK way to send the same information:
“Patient MJ, chart # 52633 came in today to get her test results. I told her you needed to speak to her regarding the results. Please call her at her home number in the PM system.”
If it is necessary to send PHI, then secure email should be used. You can use either a password-protected email or an encrypted email.