Paubox blog: HIPAA compliant email made easy

HIPAA compliance and family health history

Written by Caitlin Anthoney | April 23, 2024
HIPAA mandates that any individually identifiable health information, including family health history, be protected by covered entities (like doctors, hospitals, and insurers). So, providers must use HIPAA compliant emails and text messaging to protect patients’ health information.
What is family health history?

The CDC defines family health history as “a record of the diseases and health conditions in [a patient’s] family.” More specifically, it refers to health information about a patient's family members, including diseases and conditions that may be hereditary.

This information can give healthcare providers insights into the conditions for which a patient may be at increased risk, guiding decisions on tests, preventative measures, and treatments.

The American Medical Association explains that “a family health history helps physicians and other health care practitioners provide better care for patients.”

Furthermore, “a properly collected family history can:

  • Identify whether a patient has a higher risk for a disease.
  • Help the health care practitioner recommend treatments or other options to reduce a patient’s risk of disease.
  • Provide early warning signs of disease.
  • Help plan lifestyle changes to keep the patient well.”

Due to its sensitive nature, family health history is classified as protected health information (PHI) and is subject to HIPAA regulations. The HHS specifies that the “HIPAA Privacy Rule allows a covered health care provider to use or disclose protected health information (other than psychotherapy notes), including family history information, for treatment, payment, and health care operation purposes without obtaining the individual’s written authorization or other agreement.”
HIPAA and family health history

Use and disclosure: PHI, including family health history, can only be used and disclosed for treatment, payment, and healthcare operations. Any other disclosures require explicit patient authorization.

Access rights: Patients have the right to access their PHI, request corrections, and obtain records of disclosures.

Privacy notice: Healthcare providers must inform patients about their privacy practices, including how they handle PHI like family health history.
Using secure communications

  • Secure emails: All emails containing PHI must be encrypted. Providers must use a secure email platform, like Paubox, which uses encryption protocols to ensure that only the intended recipient can access the content of an email. This protects against unauthorized access during transmission, in line with HIPAA’s Security Rule.
  • Secure texting: Providers must also use an encrypted texting platform, like Paubox texting, since standard text messaging does not meet HIPAA security standards. Using a secure platform streamlines communication workflows among healthcare team members while adhering to strict privacy regulations.

Read also: Choosing a communication platform for patients
Tips for implementing secure communication solutions

Vendor assessment: Ensure that any third-party service provider has a robust HIPAA compliance program. Look for services that offer Business Associate Agreements (BAAs), contracts in which the vendor commits to meeting HIPAA’s requirements for handling PHI.

Employee training: Staff should be trained on using secure platforms, recognizing PHI, and understanding HIPAA’s rules regarding its use and disclosure.

Regular audits: Regularly review and audit communication practices to ensure compliance and address any potential vulnerabilities.

Go deeper: How to conduct a HIPAA compliance audit
FAQs

What does HIPAA say about family medical history?

HIPAA allows the use and disclosure of family medical history for treatment, payment, and healthcare operations without explicit patient consent.
Can patients access their family medical history?

Yes, patients have the right to access their family medical history and request corrections to their medical records.
Why is standard text messaging not suitable for PHI?

Standard text messaging lacks the encryption and security measures needed to safeguard protected health information (PHI) under HIPAA. Providers must use a HIPAA compliant texting platform, like Paubox, to protect patient privacy.