We are exploring an opportunity to email receipts to patients. If the only identifying information is our name/logo, payment amount, patient name, partial medical record number, and account number, is it necessary to have the email encrypted? Thoughts?
I agree with others on the original question be careful using e-mail unless specifically requested by the patient.
Andy I would think that just because a patient provides their cell or e-mail information would not meet the requirement to insure the patient is aware of the risks of utilizing such media for unsecured communications, unless the consent form includes that language.
Sherrie A. King
Appalachian Regional Healthcare System
Compliance Hotline: 1-800-656-7743
Them has left the building, it's just Us.
"Our deepest fear is not that we are inadequate. Our deepest fear is that we are powerful beyond measure. It is our light, not our darkness, that most frightens us."
This document may contain information covered under the Privacy Act, 5 USC 552(a), and/or the Health Insurance Portability and Accountability Act (PL 104-191) and its various implementing regulations and must be protected in accordance with those provisions. Healthcare information is personal and sensitive and must be treated accordingly. If this correspondence contains healthcare information it is being provided to you after appropriate authorization. You, the recipient, are obligated to maintain it in a safe, secure and confidential manner. Redisclosure without additional patient consent or without legal basis is prohibited. Unauthorized redisclosure or failure to maintain confidentiality subjects you to application of appropriate sanctions. If you have received this correspondence in error, please notify the sender at once and destroy any copies you have made.
I agree with Sherrie and David. I don't think you can rely on any theory of implied consent here. As I read HHS's comments on the security rule, patients have to be notified that there is "some level of risk" before sending them PHI by unencrypted e-mail.