Home Health & Hospice Week

Reader Question:

Must You Encrypt B2B Communications When The Patient Makes This Request?

Don’t let email confusion lead to a HIPAA breach.

Question: I understand that a patient can request that we send them unencrypted emails, but what about “business-to-business” (B2B) communications? Can a patient authorize our practice to email back and forth with another provider or entity without encrypting the communications?

Answer: No, the patient cannot say it’s fine for those B2B communications to happen via plain emails, states Jim Sheldon-Dean, founder and director of compliance services at Lewis Creek Systems in Charlotte, Vt. “That would amount to patients giving up their rights under HIPAA to have that information protected.”

Patients are allowed to ask for plain email when the communication is with themselves, because that is exercising their right to choose how you communicate with them, Sheldon-Dean explains. But “as far as business communications are concerned, those should be encrypted communications. You shouldn’t be using plain email for transmitting PHI between business entities.”
