Chief Compliance and Ethics Officer Health Care

HIPAA and email

  • 1.  HIPAA and email

    Posted 05-06-2020 06:02 PM
    Hello All,

    Does anyone care to share how they keep their emails HIPAA compliant? We are looking for a low (preferably no) cost solution to encrypt PHI so that it can be sent through email.

    Thank you in advance,

    Dionna Taylor, CHC, CPCO
    Compliance Officer
    Northeastern Rural Health Clinics
    2020 HCCA Compliance Institute

  • 2.  RE: HIPAA and email

    Posted 05-06-2020 06:27 PM
    We ask patients to send messages to the office using the patient portal. We use Microsoft Outlook and if we ever need to use email for PHI, we type "ENCRYPT:" in the Subject line of the email. This encrypts the email so the data remains on your server. You may want to check with your IT Dept if you have this feature. If you do, test it yourself by sending a test email to a non-work email so you can become familiar with what the recipient will see. I hope this helps.

    Christian Garcia
    Compliance Specialist
    Men's Health Foundation
    Los Angeles, CA


  • 3.  RE: HIPAA and email

    Posted 05-07-2020 11:26 AM
    I trust this finds everyone remaining healthy.
    Sending via any email system, even though encrypted 'en route', still leaves a file in either an out or in box. I would recommend looking into Citrix ShareFile or other similar program.

    Stay healthy - physically distanced - socially connected

    Gregory Kleiner MSW
    Director of Compliance
    Consejo Counseling and Referral
    Seattle, WA


  • 4.  RE: HIPAA and email

    Posted 05-06-2020 06:40 PM
    Office 365, if you all use it, may have a built-in encryption option that can be activated, from what I understand.


  • 5.  RE: HIPAA and email

    Posted 05-07-2020 08:55 AM
    We use Office365 and have encryption turned on for all external emails. This makes it foolproof. If we want to send an email unencrypted, we must put [unsecure] in the subject line. PHI sent [unsecure] is not an accident; it requires an action on the part of the sender.

    Lloyd Hemmert
    Compliance & Ethics Officer
    Hill Country MHDD Centers
