Does the HIPAA Privacy Rule allow healthcare providers to communicate with patients through email?

The HIPAA Privacy Rule permits healthcare providers to discuss health issues and treatment plans via email, as long as the necessary safety measures are applied to protect patient privacy. 

Here’s what HHS wants you to know about conducting discussions electronically and why HIPAA compliant email is key to keeping all sensitive information secure. 

Key considerations 

Before communicating with a patient through email, HHS recommends certain precautions to reduce the chance of unintended disclosures. These may include double-checking email addresses for accuracy before sending, or asking a patient to confirm their address ahead of time.

Although using unencrypted email for treatment-related discussions is not prohibited, healthcare providers should take steps to safeguard patient data. One way to do this is to limit the amount or type of information included in the unencrypted message.

SEE ALSO: HIPAA email encryption requirements: What you need to know

Additionally, it is critical for covered entities to ensure that all protected health information (PHI) sent via email complies with the HIPAA Security Rule requirements.

What rights do individuals have under the Privacy Rule?  

The Privacy Rule allows patients to request an alternative communication method or location from their healthcare provider, within reason. For instance, an individual may ask to receive appointment reminders via email rather than a postcard. Under HIPAA, the healthcare provider is expected to accommodate and fulfill the request if reasonable. 

On the flip side, a patient may consider unencrypted email unacceptable and seek a more confidential discussion. The provider should then offer another form of communication, such as physical mail, telephone, or encrypted email with Paubox Email Suite.

Can patients initiate email communications with a provider? 

According to the Privacy Rule, patients are permitted to open a conversation with a healthcare provider via email. In this situation, the provider can assume that the individual finds email to be a suitable method of communication unless they have explicitly stated otherwise. 

If the healthcare provider feels that a patient might not know about the potential risks of using unencrypted email or has any other concerns around liability, it is appropriate for them to inform the individual of those vulnerabilities. It is then up to the patient to decide whether to move forward with exchanging information electronically. 

How Paubox can help 

To ensure that you are keeping each patient correspondence as protected as possible, strengthening your email security is the best plan of action. 

Designed to integrate conveniently with your existing email platform, Paubox Email Suite sends HIPAA compliant email by default, automatically encrypting every outbound communication. This removes the stress of choosing which emails to encrypt and allows your patients to receive your emails directly in their inbox without needing to navigate any additional passwords or portals.

Paubox’s Plus and Premium plan levels are also equipped with innovative inbound email security tools that work to proactively defend your data from future threats. Our patent-pending Zero Trust Email feature requires one more unique identity verification to confirm an email’s legitimacy, while ExecProtect quickly identifies and puts an end to display name spoofing attempts. 

Try Paubox Email Suite for FREE today.
About the author

Sara Uzer
