“Let's just agree that insecurely texting or emailing your medical appointments or lab results to you is OK….” Can you actually have such a discussion and agreement with a patient or organization?
HIPAA is pretty adamant that email messages containing ePHI must be properly handled, and that includes transport encryption and archival. However, encrypting all routine communications between doctor and patient is excessively tedious in some situations.
Enter the idea of “Mutual Consent” where doctor and patient both agree that email containing ePHI can be sent from the doctor to the patient’s regular email account without any special considerations or encryption. This is a small “holy grail” that doctors like to imagine as “if all their patients consent then the doctors do not have to worry about secure email.”
It’s really not that simple, though. Here we explain why. Note that this is not intended as legal advice … you should always contact your lawyer for advice on how HIPAA applies specifically to your situation and for clarification on grey areas of the law such as this.