Question: We do not now have any encryption services on our office e-mail system. How can I keep my staff from unintentionally violating privacy rules?
Utah Subscriber
Answer: Unless it's encrypted, e-mail is highly susceptible to interference. As long as your employees are sending unprotected, plain-text e-mails, they should not pack those messages with patients' health information.
However, there are instances in which a staff member must plug protected health information (PHI) into an e-mail - for example, when an optometrist calls an outside specialist to consult on a patient with an eye injury, and the optometrist sends the specialist the patient's most recent visual field results.
Don't rely on your staff members to know what information goes in the PHI category. Give them a list of identifiers to post by their computer monitors. That way, they can refer to the list as they send e-mails. Make sure the list of forbidden items includes: