
Is E-mailing HIPAA Compliant?




When we bring on a new client, we often receive questions around e-mail communication with their patients. Some providers are unsure if they can communicate with their patients and staff through unsecured e-mail.

I recently was provided some great information from an expert at the American Academy of Professional Coders (AAPC). The AAPC expert provided me with some really clear information regarding this subject, as well as pointed me to a fabulous article on the HHS site (click here for article).

As a billing company, we often have patients initiate e-mail communication with us. If a patient is initiating the e-mail communication, it is assumed they are comfortable with the use of e-mail regarding their healthcare bills. If, for some reason, the biller feels the patient is unaware of the possible implications of using unencrypted e-mail, it would be expected of the biller to explain this to the patient.

The Privacy Rule does allow the use of unencrypted e-mail not only for financial questions, but also for health issues and treatment questions. It suggests providers take extra precautions to make sure they are not disclosing information to the wrong person. Suggestions include verifying the accuracy of the patient's e-mail address prior to sending financial or treatment information. Sending a test e-mail to the patient in order to obtain a confirmation of receipt would be wise.

We always try to limit the amount of information provided in e-mails, and do not provide any clinical information. We also place an informational note on all e-mails, incoming and outgoing, to notify patients of possible risks of communicating with us through unencrypted e-mail. If patients have concerns, we will happily take the time to explain and work with them to make sure we’re communicating in a way that works best for them.
