Optometry Coding & Billing Alert

Ask a HIPAA Expert:

Outgoing Communications and Confidentiality

Question: Does HIPAA require confidentiality statements on all e-mails and faxes?

Idaho subscriber

Answer: While there may be nothing in the HIPAA regulations that specifically requires confidentiality statements on e-mails and faxes, it's still an adequate safeguard - whether you're a healthcare entity or not - to use these types of statements, says Stephen Bernstein, an attorney with the Boston office of McDermott Will & Emery.
 
Essentially, the statement itself should be designed to alert someone that if you aren't the intended recipient of the message, then "you shouldn't be nosing around in it, and you should return it," he says.
 
Entities should also keep in mind that just because the regulations don't spell out any specific confidentiality statement requirements doesn't mean that such statements won't ever be deemed "reasonable safeguards" under HIPAA, Bernstein says. "While it may not be required [now], it may become a kind of a standard that's considered a reasonable safeguard," he says. "It may fall within the definition of 'Doing it is reasonable - not doing it is perhaps unreasonable.' "

Other Articles in this issue of

Optometry Coding & Billing Alert

View All