If you’re emailing medical records, there are certain precautions you need to take to protect patient privacy. Start by checking the accuracy of the recipient’s email address. It’s also a good idea to send an email alert to the patient notifying them that a physician is requesting their medical information from another physician. And when you send an unencrypted email, remember to keep HIPAA guidelines in mind and limit the amount and type of patient information in any unencrypted communications.
Protecting patient privacy can get complicated, especially since patients and other clinicians have the right to view medical records. As a clinical care team, you need to protect not only your patients but yourself as well. Just because you won’t break any laws by sharing information through email doesn’t mean it’s safe for you to do so.
Risks of Sharing Health Information in an Email
Email is not a secure place to share protected information. It lacks security and privacy, and it can’t handle large files such as test results or high-resolution studies such as MRIs or CAT scans.
While sending medical records via email doesn’t directly violate HIPAA laws, the information could easily be obtained by unauthorized individuals, and a breach that exposes a practice to liability may occur. Mistakes can happen when:
- There is an error in the email address and the wrong person receives the information. This can easily happen if there’s an autofill feature that fills in the email addresses you’re typing.
- You accidentally send out additional confidential information.
- Even when an email is encrypted, the message headers are usually not. This means that the subject line and “to” and “from” fields may be collected and viewed by someone who’s not authorized to see patient information.
When Is It Okay to Use Email to Share Health Information?
There are times when it’s okay to send information via email, but only if the patient gives authorization.
Under the Privacy Rule, patients can request how they’d like to communicate with their healthcare providers. Many patients choose to communicate by email or text message instead of mail or phone calls. Patients must be made aware of the risks involved with email communication and choose these less secure forms regardless. Secure forms of communication, like secure electronic platforms or phone calls, are a better way to go.
Offering Secure Patient Communication
The 21st Century Cures Act improves patient care by giving patients increased rights to access their medical data and health records and by prohibiting providers and health technology vendors from withholding that information upon request. Sharing information electronically will become the norm. Unfortunately, it is easy to make mistakes that violate patient privacy, and this puts your patients and your clinical care team at risk.
There’s an easier way to make sure the right documents go to the right people, with the right authorization. Vivlio Health is here to help you do just that.