Is your Email system HIPAA compliant?

With the advent of the internet, email has emerged as a communication solution, and more and more patients are looking to communicate with their healthcare providers via email. Some healthcare practitioners do, however, feel that emailing their patients equates to working for free, but some clinics have already adopted charging for email consultations.

It is possible for clinics to shift towards a digital medical office while remaining financially solid. Rights management software tools have become a reality for the small and medium business office.

With any medical advance, the side effects of a solution or cure must also be considered. While email is beneficial time-wise and financially, there are also cons to using this tool – many of them HIPAA related. According to the Health Privacy Project’s 2005 study, 70% of Americans are concerned that their personal health information (PHI) could be disclosed as a result of weak data security.

Currently, healthcare organizations are required to provide a disclosure statement when communication is sent to their patients. With the advent of phishing, malware, and spyware, an unintended recipient could spread a patient’s PHI like a virus, using it or selling it to any number of damaging sites.

Under HIPAA, facilities that fail to protect their patients’ PHI face stiff penalties. PHI includes, but is not limited to:

* Patient’s address and phone number
* Patient number assigned by the treating hospital/clinic
* Patient’s date of birth and SSN
* Patient’s legal next of kin/guardian and their telephone number
* Patient’s insurance information (pre-certification/DSHS/Medicare)
* Anticipated admission date and time

Under HIPAA, an email is covered whenever it contains any information relating to your medical records: anything from your address or phone number, date of birth, social security number, next of kin, insurance information (administrative or otherwise), and even your admission information for any medical visits or stays.

It isn’t only clinics, hospitals or doctors that are subject to this. Your employer is too if you have a health or medical plan. Companies that handle this kind of information must have an information storage strategy that complies with HIPAA and many other pieces of legislation. Many companies handle this in-house with their existing staff and infrastructure.

While some companies handle this in-house, others outsource this burden to companies like Archive Compliance, which take care of secure storage for them. Companies like this have to demonstrate that their storage and retrieval methods are secure in order to remain in business.