A Look at Email and HIPAA

Disclaimer: I am not a lawyer and do not offer legal advice. The others quoted in this post are offering general information or interpretation and not specific legal advice or any statement of fact. For more background on this topic, check out my previous post “Practice Fusion Violates Some Physicians’ Trust in Sending Millions of Emails to Their Patients” When I first started looking into the millions of emails that Practice Fusion was sending to patients, doctors were suggesting that these emails constituted a HIPAA violation. Practice Fusion has responded in my previous post that “The patient email reminder and feedback program is absolutely HIPAA compliant, under both the current and new Omnibus rules. We conduct thorough compliance research with every single new feature we launch.” I wanted to explore the HIPAA concerns regarding emails like these, so I talked to a number of HIPAA lawyers and experts. I believe the following look at HIPAA and emails will be informative for everyone in healthcare that’s considering sending emails. Before I go into a detailed look at sending emails to patients, it is worth noting that under HIPAA emails can be sent to patients by doctors if the doctor has used “reasonable safeguards” and patients have agreed to email communication with their doctor. The following is a great HHS FAQ on use of email and HIPAA where this is outlined. This leaves three HIPAA related questions: 1. Is Practice Fusion l...
Source: EMR and HIPAA - Category: Technology Consultants Authors: Tags: EHR Electronic Health Record Electronic Medical Record EMR HealthCare IT HIPAA General David Harlow HIPAA Emails Mac McMillan PHI Practice Fusion Secure Emails William O'Toole Source Type: blogs