Following the recent 2025 American Hospital Association (AHA) Leadership Summit, Rick Pollack, President and CEO, explained that “Delivering safe, high-quality care to patients remains hospitals’ top priority and is at the center of everything they do.”
Patient safety is a “framework of organized activities that creates cultures, processes, procedures, behaviours, technologies and environments in health care that consistently and sustainably lower risks, reduce the occurrence of avoidable harm, make errors less likely and reduce the impact of harm when it does occur,” the World Health Organization (WHO) explains in its Global Patient Safety Action Plan.
Despite decades of improvement efforts, patient safety incidents remain common and, in many cases, preventable.
According to a protocol ‘How does communication affect patient safety?’ submitted to BMJ Open, there are three main categories of patient safety incidents:
Adverse events include serious harm like disability or death; medical errors involve failing to carry out the right action or carrying out the wrong one; and near misses are errors that nearly harm patients but are caught in time.
Adverse events are often the most devastating. “A never event is considered the most egregious of patient safety incidents,” the research states. These events, like wrong-site surgery, are preventable. Sentinel events are unexpected occurrences resulting in death or serious injury that also fall into this category.
There are also medical errors, which are “typically… surgical, diagnostic and medication errors, and are broadly categorised as either errors of commission (taking the wrong action) or errors of omission (not taking the correct action).”
Near misses, on the other hand, don’t harm patients but reveal dangerous gaps in the system. They are “errors that have the potential to cause adverse events but do not reach the patient due to chance, corrective action, and/or timely intervention.”
All three categories are linked by one common factor, namely, communication failures.
According to the protocol, there are “several types of communication related to patient safety.” The “main type is communication between the patient (or carer) and practitioner,” but communication “between practitioners (both interprofessional and intraprofessional) can also affect patient safety.”
The modes of communication can also differ. “Verbal and written (including letters, emails, notes, and text messages)” can all affect patient safety, depending on how they’re used.
So, what does poor communication look like? Researchers define it as “lack of precise, accurate, meaningful, and relevant information having been exchanged and understood.” This includes “failure to adequately explain medical procedures, test results, or treatment plans in a way that patients can understand.” It also occurs when “handoffs between healthcare practitioners omit essential information.”
These lapses in communication can delay care, lead to misdiagnoses, and cause medication or procedural errors. Preventing them requires communication systems that are secure, standardized, and designed to facilitate accurate information-sharing.
Email is one of the most widely used and trusted forms of communication. In 2023, there were 4.37 billion email users globally. That number is projected to rise to 4.89 billion by 2027, according to Statista’s Number of e-mail users worldwide from 2018 to 2027.
Healthcare organizations can take advantage of this reach, using email to deliver test results, schedule appointments, and update care teams. However, any email that contains an individual’s protected health information (PHI) must comply with HIPAA regulations. More specifically, healthcare providers must use encryption and other safeguards to prevent unauthorized PHI access or accidental disclosure.
HIPAA compliant email solutions, like Paubox, allow providers to send sensitive information securely, without requiring patients to log into clunky portals. The platform protects patient privacy, streamlines workflows, and prevents dangerous delays.
Never events, like surgery on the wrong body part, are also completely preventable when protocols are followed. HIPAA compliant email can help by sending:
Ultimately, these communications would give patients and providers information that is consistent and accessible, reducing the risk of oversights.
Medical errors are often linked to miscommunication. For example, if a patient’s medication dose changes but not all team members are notified, dangerous mistakes can happen. Secure email provides a single channel where updates can be sent to prescribing physicians, pharmacists, and nurses simultaneously.
HIPAA compliant email also reduces the reliance on informal channels like phone calls, so the right people can receive the right messages, improving clarity and accountability.
Near misses are valuable learning opportunities, but they’re often underreported because staff might fear HIPAA violations or blame. Secure email makes it easy to report these incidents safely and quickly. Paubox emails are automatically encrypted, so employees can share information about close calls without risking patient privacy.
Over time, these reports can help organizations spot patterns, address weaknesses, and prevent harm before it occurs.
“Failure to adequately explain medical procedures, test results, or treatment plans in a way that patients can understand” can lead to dangerous misunderstandings.
Providers can use HIPAA compliant email to send easy-to-read instructions, educational resources, and reminders directly to patients’ inboxes. These emails can reduce confusion by reinforcing verbal instructions and giving patients a reference they can revisit at home.
Examples include:
Since HIPAA compliant emails are encrypted, patients can trust that their private information stays secure while they receive actionable updates.
Improving communication isn’t enough; healthcare organizations must also measure its impact. “Patient safety incidents are measured in a number of different ways, including patient reports, voluntary error reporting systems, automated surveillance, and chart reviews,” the protocol explains.
HIPAA compliant email platforms make measurement easier. They generate audit trails showing when messages were sent, delivered, and opened. The data helps organizations understand whether communication gaps are being closed and provides evidence during quality audits or safety reviews.
Safety depends on coordination, especially when multiple clinicians are involved in a patient’s care. HIPAA compliant email improves collaboration, giving teams a centralized, secure place to share updates, questions, and clarifications.
For example, when a patient is discharged from the hospital, their care plan can be emailed securely to their primary care physician, home health nurse, and specialist. This reduces the chance of conflicting instructions or missed follow-ups.
Similarly, during shift handoffs, secure emails can document updates about patient status, medications, and pending test results. These written communications are a safety net, reducing reliance on verbal exchanges.
According to the WHO, patient safety requires building “cultures, processes, procedures, behaviours, technologies and environments… that consistently and sustainably lower risks.”
HIPAA compliant email helps organizations:
When secure email is built into daily workflows, it becomes second nature for clinicians to double-check details and loop in the right colleagues. Over time, these habits create a stronger culture of safety.
Here are a few ways healthcare providers can use HIPAA compliant emails to prevent harm:
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information (PHI). HIPAA mandates that healthcare providers, insurers, business associates, and some federal agencies safeguard patients' PHI during transit and at rest.
As of March 2025, HIPAA violations incur fines from $141 to $2,134,831 per violation, depending on culpability.
Tier 1 penalties apply to unintentional violations ($141–$35,581), while Tier 2 covers breaches due to reasonable cause ($1,424–$71,162). Tier 3 applies to willful neglect corrected within 30 days ($14,232–$71,162), and Tier 4 penalizes uncorrected willful neglect with the highest fines ($71,162–$2,134,831).
These fines adjust annually for inflation, and severe cases may result in criminal charges, reputational harm, and mandatory corrective actions.
Yes, providers must obtain explicit patient consent before using emails to send PHI.