Patient Privacy Issues with Unencrypted Email
Monday, August 28th, 2017We have scoured the internet for real-life examples of emails in medical scenarios to convince our readers of our points in past posts about the perils and pitfalls of using unencrypted emails for communications. Email is one of the oldest (some even refer to it as “legacy”) tools in our always-connected, digital world. However, its use between patients and their medical providers and between doctors and their business associates can be fraught with issues that may violate the Health Insurance Portability and Accountability Act (HIPAA) provisions.
The HIPAA privacy rules require covered entities and their business associates to protect patients’ health information from unauthorized disclosure. The HIPAA security rules do not mandate specific technologies or prohibit others. In fact, HIPAA:
“…allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so.”
An imperfect understanding of patients’ privacy concerns, lack of proficiency in using computers or access to them, and misguided policies on usage play a part in HIPAA privacy breaches. The consequences of such breaches can be quite burdensome for the medical provider.
Medical providers often forget (or might even be unaware of) “reasonable safeguards” that can easily be implemented to prevent emails from leaking information that patients might consider as compromising their privacy. By analyzing real-life examples of how email is used (well, actually misused) in practice, we hope this post can convince you of reasonable safeguards to make email a valuable and efficient part of your workflow while conforming to HIPAA.
Read the rest of this post »