General Surgery Coding Alert

Reader Question:

Is E-Mail Ever HIPAA Compliant?

Question: We have a consultant who occasionally helps us with billing questions. I’d like to e-mail patient records with my questions, but can I do that without violating HIPAA?

Codify Subscriber


Answer: 
Yes, you can send some patient records via e-mail, but only under very strict guidelines. Under HIPAA’s privacy rule, you should never send protected health information (PHI) via e-mail. But if you remove all health information that could reasonably be used to identify the individual, you should be able to e-mail the clinical facts of the case to your consultant.

Do this: Send only the portions of the report that describe the clinical procedure and findings. Plus, include a confidentiality notice at the end of your e-mail. This guideline applies whether you send the e-mail from an office or from home.

Specifics: Before you send the report by e-mail, remove the patient’s name and Social Security number. You should also remove geographic identifiers, dates, phone, fax, and e-mail information, and medical record and device serial numbers. Then read through the report before you send it to be sure you can reasonably assume the patient is no longer identifiable.

For extra security, experts advise that you send the e-mail encrypted to keep the information safe.
