When the 21st Century Cures Act was passed in 2016, patients and their caregivers were guaranteed digital access to their clinical data. While the Act itself was passed by Congress in 2016, the associated regulations were published in March 2020. Once the Act is fully implemented, patients will gain the right to access their health information online. The Act also allows all clinicians involved in a patient’s care to request information from other clinical care teams. Sending patient information electronically will become the new norm, and email is a commonly used format. But is it okay to send any patient information in an email?

Can You Send Health Information in an Email?

Technically, you can send health information via email, but not without risks. HIPAA does permit healthcare providers to share information about patients through email, but you’ll need to take critical extra security measures.

If you’re emailing medical records, there are certain precautions you need to take to protect patient privacy. Start by checking the accuracy of the recipient’s email address. It’s also a good idea to send an email alert to the patient notifying them that a physician is requesting their medical information from another physician. And when you send an unencrypted email, remember to keep HIPAA guidelines in mind and limit the amount and type of patient information in any unencrypted communications.

Protecting patient privacy can get complicated, especially since patients and other clinicians have the right to view medical records. As a clinical care team, you need to protect not only your patients but yourself as well. Just because you won’t break any laws by sharing information through email doesn’t mean it’s safe for you to do so.

Risks of Sharing Health Information in an Email

Email is not a secure place to share protected information. It lacks security and privacy, and it can’t handle large files such as test results or high-resolution studies such as MRIs or CAT scans.

While sending medical records via email doesn’t directly violate HIPAA laws, the information could easily be obtained by unauthorized individuals, and a breach that exposes the practice to liability may occur. Mistakes can happen when:

  • There is an error in the email address and the wrong person receives the information. This can easily happen if there’s an autofill feature that fills in the email addresses you’re typing.
  • You accidentally send out additional confidential information.
  • Even when an email is encrypted, the message headers are usually not. This means that the subject line and “to” and “from” fields may be collected and viewed by someone who’s not authorized to see patient information.

When is it Okay to Use Email to Share Health Information?

There are times when it’s okay to send information via email, but only if the patient gives authorization.

Under the Privacy Rule, patients can request how they’d like to communicate with their healthcare providers. Many patients choose to communicate with email or text messages instead of mail or phone calls. Patients must be made aware of the risks involved with email communication and choose these less secure forms regardless. Other forms of secure communication, like secure electronic platforms or phone calls, are a better way to go.

Offering Secure Patient Communication

The 21st Century Cures Act improves patient care by giving patients increased rights to access their medical data and health records and by prohibiting providers and health technology vendors from withholding that information when it is requested. Sharing information electronically will become the norm. Unfortunately, it is easy to make mistakes that violate patient privacy, and this puts your patients and your clinical care team at risk.

There’s an easier way to make sure the right documents go to the right people, with the right authorization. Vivlio Health is here to help you do just that.