Ob-Gyn Coding Alert

12 Ways to Minimize Fax and E-Mail Risks

Published on Fri Sep 19, 2003

Expert methods to protect PHI If you want to stay out of the courthouse and the newspapers, follow these personal health information faxing and e-mailing tips from Gwen Hughes with Care Communications in Chicago. For faxing:
Make sure you're sending your faxes to the right place. Double-check every fax number before hitting "Send." If you preprogram any numbers, make sure you double-check these as well before saving them.
Put your fax machine in a secure place. Don't leave it sitting on a counter in the waiting room, visible to patients and others who should not have access.
Put a confidentiality coversheet on every fax. The box below provides one example. Periodically remind providers and business partners that they need to tell you ASAP if their fax numbers change.
Remember that you - not the patient - need to be vigilant about protecting PHI. "Sometimes [patients] want you to fax a copy of their health information to them," Hughes says, but they might not realize the potential for disaster. The provider is responsible for taking the extra step and explaining to the patient exactly what this entails.
Ask the patient where he is: Is he at home, at work, or at a Kinko's downtown? If he is anywhere but at home, remind him that what he's asking you to fax is his personal medical information, and point out that he   might not want to do this if he isn't going to be   hovering over the fax machine waiting for the info to come through. For e-mailing:
Make sure you have encryption software.
Put a confidentiality disclaimer in your e-mail   template. (See the disclaimer at the end of this article       for an example.)
Explain the risks to patients. Again, the onus is on you and your office - not the patient - to make sure that misdirected, intercepted, or inappropriate e-mails don't jeopardize patient privacy. Don't assume that patients know how e-mail works, and don't let them assume you can respond to their e-mails faster than you can.
Determine which of your colleagues should be   allowed to e-mail PHI. Make sure that they're well   trained, Hughes warns, and that no one else can e-mail PHI.
Print out all e-mails and save the hard copies as part of the patient's medical record. Keep a list of patients who e-mail so that you can notify them if your system is temporarily taken down. This will prevent situations in which they send you important e-mails at a time when you can't access them.
Don't forward patient-identifiable information to a third party unless you have the patient's authorization to do so.
Don't e-mail extra-sensitive PHI. Some kinds of   communications should not be conducted through e-mail. [...]

You’ve reached your limit of free articles. Already a subscriber? Log in.

Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:

Simple explanations of current healthcare regulations and payer programs
Real-world reporting scenarios solved by our expert coders
Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
Instant access to every article ever published in your eNewsletter
6 annual AAPC-approved CEUs*
The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more

*CEUs available with select eNewsletters.