Question: Does HIPAA require confidentiality statements on all e-mails and faxes? Answer: While there may be nothing in the HIPAA regulations that specifically requires confidentiality statements on e-mails and faxes, it's still an adequate safeguard - whether you're a healthcare entity or not - to use these types of statements, says Stephen Bernstein, an attorney with the Boston office of McDermott Will & Emery.
Idaho subscriber
Essentially, the statement itself should be designed to alert someone that if you aren't the intended recipient of the message, then "you shouldn't be nosing around in it, and you should return it," he says.
Entities should also keep in mind that just because the regulations don't spell out any specific confidentiality statement requirements doesn't mean that such statements won't ever be deemed "reasonable safeguards" under HIPAA, Bernstein says. "While it may not be required [now], it may become a kind of a standard that's considered a reasonable safeguard," he says. "It may fall within the definition of 'Doing it is reasonable - not doing it is perhaps unreasonable.' "