HIPAA Email Guidelines
by Leigh-Ann Renz, 2.12.16
Does Email Violate HIPAA?
With OCR set to increase audits in early 2016, maintaining HIPAA compliance for your organization is more important than ever. Does email violate HIPAA regulations? How do you transmit information – or email – in a HIPAA-compliant way?
- Don’t ever send Protected / Personal Health Information (PHI) through a Cloud-based email service such as Yahoo or Gmail. Such emails constitute a HIPAA breach, because they entrust PHI to a third party that has not signed a Business Associate Agreement (BAA).
- If your clients insist on using this type of service: 1) explain the risk; 2) if they persist, make sure you have documentation of their permission / request to use that email service.
- Communicate within your EMR software / patient portal – or use secure, encrypted email – whenever possible.
Are Compliant Email Services Available?
- Office 365 Azure Rights Management is one example of the hundreds of HIPAA-compliant email providers available.
- Google Business Apps is another option, and it can be combined with OpenPGP for end-to-end encryption.
For more information about keeping your clients’ PHI secure and HIPAA-compliant, check out:
- Where’s Your PHI Data?
- HIPAA Breach Protocols
- HIPAA Resource Center (geared to mental / behavioral health)
Sources Include: 4medapproved