" unencrypted email Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘unencrypted email’

ePHI in Text Messages and Insecure Email: Does HIPAA allow Mutual Consent?

Sunday, January 18th, 2015

“Lets just agree that insecurely texting or emailing your medical appointments or lab results to your is OK….”  Can you actually have such a discussion and agreement with a patient or organization?

HIPAA is pretty adamant that email messages containing ePHI must be properly handled, and that includes transport encryption and archival.  However, encrypting all routine communications between doctor and patient is excessively tedious in some situations.

Enter the idea of “Mutual Consent” where doctor and patient both agree that email containing ePHI can be sent from the doctor to the patient’s regular email account without any special considerations or encryption.  This is a small “holy grail” that doctors like to imagine as “if all their patients consent then the doctors do not have to worry about secure email.”

It’s really not that simple, though.  Here we explain way.  Note that this is not intended as legal advice … you should always contact your lawyer for advice on how HIPAA applies specifically to your situation and for clarification on grey areas of the law such as this.

Read the rest of this post »

How to Setup HIPAA Mutual Consent for Insecure Email at LuxSci

Friday, January 10th, 2014

We have recently discussed how mutual consent may be used to send individuals ePHI via insecure email under HIPAA in certain cases.

If you have decided to use mutual consent in your organization and are properly informing and warning your patients of the privacy risks, getting proper written waivers from them, and well documenting everything in preparation for a HIPAA audit, then all you’re all set to send the ePHI insecurely.

Right?  Well, there is a little more to it than that.

Read the rest of this post »