Wednesday, July 16, 2014

Email & HIPAA for Private Practice

Email and HIPAA compliance does not need to feel like a gray area. Here are the nuts and bolts of the risks associated with email and what you can do to be legally protected and provide informed consent to your clients.
  • email is generally unencrypted
  • emails can be sent to the wrong recipient if you or the client are not careful
  • discuss email policy with clients (cover potential risks and types of information you and the client are not comfortable communicating via email)
  • as a rule of thumb, include the minimum necessary protected health information (PHI) in email
  • HIPAA specifies that clients can choose how they want to receive information
  • use a consent form that specifies your email policy
If you haven't already, discuss your email policy with clients and have them sign a consent form that outlines the policy. If you need a consent template, then feel free to download mine as a Word document. Make sure to add the types of information that you and your client do not want to communicate via email. I think it is good policy to do this on a case-by-case basis to encourage dialogue.
