The Rheumatologist
  • Connect with us:
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Feed
  • Home
  • Conditions
    • Rheumatoid Arthritis
    • SLE (Lupus)
    • Crystal Arthritis
    • Spondyloarthritis
    • Osteoarthritis
    • Soft Tissue Pain
    • Scleroderma
    • Vasculitis
    • Systemic Inflammatory Syndromes
    • Guidelines
  • Drug Updates
    • Biologics & Biosimilars
    • DMARDs & Immunosuppressives
    • Topical Drugs
    • Analgesics
    • Safety
    • Pharma Co. News
  • Professional Topics
    • Ethics
    • Legal
    • Legislation & Advocacy
    • Career Development
      • Certification
      • Education & Training
    • Awards
    • Profiles
    • President’s Perspective
    • Rheuminations
  • Practice Management
    • Billing/Coding
    • Quality Assurance/Improvement
    • Workforce
    • Facility
    • Patient Perspective
  • Technology
    • Electronic Health Records
    • Apps
    • Information Technology
  • Resources
    • Issue Archives
    • Events
    • Multimedia
      • Audio
      • Video
    • From the College
    • American College of Rheumatology
    • Rheumatology Research Foundation
    • Arthritis & Rheumatology
    • Arthritis Care & Research
    • Treatment Guidelines
    • Research Reviews
    • Annual Meeting
      • Abstracts
      • Meeting Reports
    • Rheumatology Image Bank
    • ACR ExamRheum
  • About Us
    • Mission/Vision
    • Meet the Authors
    • Meet the Editors
    • Contribute to The Rheumatologist
    • Subscription
    • Contact
  • Advertise
  • Search
You are here: Home / Articles / Email & Text in the World of HIPAA

Email & Text in the World of HIPAA

May 17, 2019 • By From the College

  • Tweet
  • Email
Print-Friendly Version / Save PDF
 fizkes / shutterstock.com

fizkes / shutterstock.com

The world we live in necessitates infor­mation be communicated in a quick and easy manner. This remains true in the healthcare setting. The ability to text or email staff and patients has become a priority for many healthcare entities. However, maintaining patient privacy and confidentiality is essential to ensure we meet compliance standards. Although emailing and texting are convenient, these communication methods have inherent pitfalls. Implementing email and text solutions in the healthcare setting is a complex issue and several factors must be addressed.

You Might Also Like
  • HHS Enforces Stricter Rules on HIPAA
  • HIPAA Privacy Rules Bring New Enforcement Guidelines
  • HIPAA Security Standards: What Rheumatologists Need to Know
Explore This Issue
May 2019
Also By This Author
  • Training Rheumatologists to Meet the Needs of Patients

The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules require covered entities (including healthcare providers and health plans) and their business associates implement certain safeguards when emailing or texting electronic protected health information (ePHI) to patients or others. Enacted in 1996, HIPAA has rules regarding the use and disclosure of protected health information (PHI) to ensure it remains private. The HIPAA Privacy Rule defines PHI as individually identifiable information transmitted or maintained in any form or medium whether electronic, on paper or oral by a covered entity or a business associate. HIPAA regulates:

ad goes here:advert-1
ADVERTISEMENT
SCROLL TO CONTINUE
  • How and when to disclose PHI;
  • Ways providers and health plans must protect PHI; and
  • Patient rights to access their own information.

The HIPAA Privacy Rule not only allows, but requires covered entities to communicate with patients via email or text if requested by the patient (see 45 CFR 164.522[b]). Patients are allowed to send providers and their practices any PHI they would like via email or text. The information is the patient’s, and they have the right to do with it and request information as they please. However, the Privacy Rule requires covered entities implement appropriate safeguards when emailing or texting ePHI to patients.

The U.S. Department of Education’s Office for Civil Rights (OCR) explains:

ad goes here:advert-2
ADVERTISEMENT
SCROLL TO CONTINUE

The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so. See 45 CFR 164.530(c). For example, certain precautions may need to be taken when using e-mail to avoid unintentional disclosures, such as checking the e-mail address for accuracy before sending, or sending an e-mail alert to the patient for address confirmation prior to sending the message. Further, while the Privacy Rule does not prohibit the use of unencrypted e-mail for treatment-related communications between health care providers and patients, other safeguards should be applied to reasonably protect privacy, such as limiting the amount or type of information disclosed through the unencrypted e-mail. In addition, covered entities will want to ensure that any transmission of electronic protected health information is in compliance with the HIPAA Security Rule requirements at 45 CFR Part 164, Subpart C.1

The Privacy Rule requires covered entities and their business associates to “implement technical security measures to guard against unauthorized access to PHI that is being transmitted over an electronic communications network” (45 CFR 164.312[e][1]). Encryption is an addressable implementation standard, meaning the covered entity or business associate must encrypt the ePHI if it determines doing so is “reasonable and appropriate.” If not, the covered entity or business associate must 1) document why it would not be reasonable and appropriate to encrypt the data, and 2) implement an equivalent alternative measure if reasonable and appropriate.

Pages: 1 2 3 | Single Page

Filed Under: From the College, Practice Management, Technology Tagged With: email, HIPAA, text messagingIssue: May 2019

You Might Also Like:
  • HHS Enforces Stricter Rules on HIPAA
  • HIPAA Privacy Rules Bring New Enforcement Guidelines
  • HIPAA Security Standards: What Rheumatologists Need to Know
  • Physician Texting Could Violate HIPAA

Simple Tasks

Learn more about the ACR’s public awareness campaign and how you can get involved. Help increase visibility of rheumatic diseases and decrease the number of people left untreated.

Visit the Simple Tasks site »

American College of Rheumatology

Visit the official website for the American College of Rheumatology.

Visit the ACR »

Rheumatology Research Foundation

The Foundation is the largest private funding source for rheumatology research and training in the U.S.

Learn more »

The Rheumatologist newsmagazine reports on issues and trends in the management and treatment of rheumatic diseases. The Rheumatologist reaches 11,500 rheumatologists, internists, orthopedic surgeons, nurse practitioners, physician assistants, nurses, and other healthcare professionals who practice, research, or teach in the field of rheumatology.

About Us / Contact Us / Advertise / Privacy Policy / Terms of Use

  • Connect with us:
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Feed

Copyright © 2006–2019 American College of Rheumatology. All rights reserved.

ISSN 1931-3268 (print)
ISSN 1931-3209 (online)

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
This site uses cookies: Find out more.