Practice Management Alert

Stay Compliant:

Learn to Manage E-Mails With PHI

Save messages in paper form to eliminate confusion

If you don't control the flow of e-PHI through your e-mail system, a HIPAA violation may be just around the corner.
 When your staff receives e-mail messages from patients that contain protected health information (PHI) - and when your physician sends e-mails about patients to other providers - HIPAA mandates you tread very carefully. Follow these easy e-mail tips to ensure you keep in step with HIPAA:
 
1. Don't use e-mail to inquire about claim status.
E-mails can be difficult to manage, leading many payers to avoid this form of communication. If you want information from a carrier about claim status, you should use the standard claims status inquiry transaction available through your software system, says Margret Amatayakul, a consultant with Margret AConsulting in Schaumburg, Ill.
 
2. Hold on to patient e-mails that contain PHI. If a patient e-mails to cancel an appointment or inquire about a bill, you can delete it. But if a patient sends you his blood sugar levels each day, HIPAA mandates that you must keep the e-mails.
 
3. Save messages in paper form. Storing and sorting e-mails on the computer will likely suck up precious time and money. Instead, print out all patient e-mails containing PHI and stick them in the patient's record, says attorney Kerry Kearney, a partner with Reed Smith in Philadelphia.
 
If you've set up an electronic health record, you can simply connect e-mails to the patient record, Amatayakul says.
 
4. Save outbound e-mails containing PHI. HIPAA doesn't demand that you save the e-mails you send, but you don't want to find yourself on the losing end of a liability suit. By saving all outgoing messages that contain PHI, you'll ensure that you have the information necessary to cover yourself in case any problems crop up.
 
5. Be judicious with your e-mail address. If you aren't willing or able to spend the time and energy printing and saving patients' e-mailed PHI, then don't advertise your e-mail address.
 
6. Eliminate unnecessary uses of PHI. Ask physicians to keep PHI out of their e-mails unless it's necessary for treatment, payment or health operations, Amatayakul says.