Ob-Gyn Coding Alert

12 Ways to Minimize Fax and E-Mail Risks

Expert methods to protect PHI

If you want to stay out of the courthouse and the newspapers, follow these personal health information faxing and e-mailing tips from Gwen Hughes with Care Communications in Chicago.

For faxing:
 

  • Make sure you're sending your faxes to the right  place. Double-check every fax number before hitting "Send." If you preprogram any numbers, make sure you double-check these as well before saving them.
     
  • Put your fax machine in a secure place. Don't leave it sitting on a counter in the waiting room, visible to patients and others who should not have access.
     
  • Put a confidentiality coversheet on every fax. The  box below provides one example. Periodically remind  providers and business partners that they need to tell you ASAP if their fax numbers change.
     
  • Remember that you - not the patient - need to be vigilant about protecting PHI. "Sometimes [patients] want you to fax a copy of their health information to them," Hughes says, but they might not realize the potential for disaster. The provider is responsible for taking the extra step and explaining to the patient exactly what this entails.
     
  • Ask the patient where he is: Is he at home, at work, or at a Kinko's downtown? If he is anywhere but at home, remind him that what he's asking you to fax is his personal medical information, and point out that he   might not want to do this if he isn't going to be   hovering over the fax machine waiting for the info to  come through.

    For e-mailing:
     

  • Make sure you have encryption software.
     
  • Put a confidentiality disclaimer in your e-mail   template. (See the disclaimer at the end of this article       for an example.)
     
  • Explain the risks to patients. Again, the onus is on you and your office - not the patient - to make sure  that misdirected, intercepted, or inappropriate e-mails  don't jeopardize patient privacy. Don't assume that patients know how e-mail works, and don't let them assume you can respond to their e-mails faster than you can.
     
  • Determine which of your colleagues should be   allowed to e-mail PHI. Make sure that they're well   trained, Hughes warns, and that no one else can e-mail PHI.
     
  • Print out all e-mails and save the hard copies as part of the patient's medical record. Keep a list of patients who e-mail so that you can notify them if your system is temporarily taken down. This will prevent situations in which they send you important e-mails at a time when you can't access them.
     
  • Don't forward patient-identifiable information to a third party unless you have the patient's authorization to do so.
     
  • Don't e-mail extra-sensitive PHI. Some kinds of   communications should not be conducted through e-mail. A

    Attorney Robyn Meinhardt with Foley & Lardner in Denver points to results of HIV tests as an egregious example. Providers and payers should determine which types of information will not be sent through e-mail, and should make sure patients are clear on that policy.

  • Other Articles in this issue of

    Ob-Gyn Coding Alert

    View All