Question: Our patients frequently ask if we can send them appointment reminders or bills via email. However, we are currently not equipped with secure email. Is it a violation of the Health Insurance Portability and Accountability Act (HIPAA) to communicate with patients in this way? Virginia Subscriber Answer: Yes, you can communicate with patients via unsecured email. But you will have to make sure you have taken the following precautions before you do. First, you have to make sure you have applied “reasonable safeguards” before electronically communicating with a patient. By that, the U.S. Department of Health & Human Services (HHS) recommends you take every step to verify the patient’s email address, including “sending an e-mail alert to the patient for address confirmation prior to sending the message.” HHS also suggests you limit “the amount or type of information disclosed through… unencrypted e-mail.”
Second, you must abide by the patient’s wishes regarding this kind of communication. So, if a patient wants to use unsecured email to receive appointment reminder, you may do so; alternatively, if the patient does not want to use unsecured email to receive communications from you, your office must provide an alternative communication method that is acceptable to the patient. In the end, you should heed HHS’ advice and alert the patient of any risks inherent in unsecured email communication before agreeing to communicating in this way.