Optometry Coding & Billing Alert

READER QUESTIONS:

Protect PHI-Purge Plain-Text E-mails

Question: We do not now have any encryption services on our office e-mail system. How can I keep my staff from unintentionally violating privacy rules?


Utah Subscriber


Answer: Unless it's encrypted, e-mail is highly susceptible to interference. As long as your employees are sending unprotected, plain-text e-mails, they should not pack those messages with patients' health information.

However, there are instances in which a staff member must plug protected health information (PHI) into an e-mail - for example, when an optometrist calls an outside specialist to consult on a patient with an eye injury, and the optometrist sends the specialist the patient's most recent visual field results.

Don't rely on your staff members to know what information goes in the PHI category. Give them a list of identifiers to post by their computer monitors. That way, they can refer to the list as they send e-mails. Make sure the list of forbidden items includes:
 

  •  Patients' street addresses
     
  •  Medical record numbers
     
  •  Health plan beneficiary numbers
     
  •  Certificate or license numbers
     
  •  Vehicle identifiers.
  • Other Articles in this issue of

    Optometry Coding & Billing Alert

    View All