Why HIPAA compliant email is crucial for pharmacies

Featured image

Share this article

hipaa compliant email for pharmacies sign

The country’s top pharmacy chains — CVS and Walgreens — have been at the center of multiple HIPAA violation complaints. Walmart and Rite Aid pharmacies have also been reported to the Department of Health and Human Services’ Office of Civil Rights (OCR) numerous times over the last few years.  

Despite your pharmacy’s best efforts at HIPAA compliance, it could be violating patients’ privacy rights and not even know it.

In 2019, the director of OCR, Roger Severino declared harsher audits to enforce compliance. For instance, if your employee violates HIPAA your pharmacy can be held accountable.

As a covered entity, pharmacies are bound by the HIPAA privacy and security rules, along with the breach notification rule. 

HIPAA sets standards for the secure storage and transmission of protected health information (PHI) and gives patients the right to receive copies of their PHI.

Cybersecurity is now critical with more and more health data being digitized. Heavy fines can result from pharmacy technology that is not up to date and protected from data breaches.

How to keep your pharmacy HIPAA compliant     

There is no better time than now to make sure that your employees and business associates understand HIPAA compliance. Develop effective policies and procedures and train your staff on how to implement and follow them. 

For example, HIPAA violations must be reported to HHS by your staff or business associates if it affects more than 500 patients within 60 days. If less than 500 patients are affected, you must notify HHS no later than 60 days after the end of the year. Fines can be hefty and range from $100 per violation up to $1.5 million.   

You’ll also want to plan how to deal with patient complaints about privacy and address how to avoid unintentional disclosures of patient information, whether electronically or physically.

Disposing of old prescription labels and vials in trash facilities that are open to the public, as well as emailing, faxing or texting PHI to the wrong patient are both considered HIPAA violations.

Pharmacies that submit claims electronically can also easily be subject to data breaches.

Understanding how to electronically protect PHI

Your pharmacy should know how to protect patient information when sending it through voicemails, emails and text messages. Only the minimum necessary PHI should be communicated for pharmacy operations and payment.

If there’s any possibility that PHI in an email can be intercepted and read by parties other than to who it is addressed, it’s a HIPAA violation just waiting to happen. So pharmacies should ensure they’re using a HIPAA compliant email service.

This includes sending email notifications such as prescription refill reminders.

Paubox Email Suite is the only solution with zero-step encryption on all emails. It also seamlessly integrates with business email platforms like Google Workspace, Microsft 365, and Microsoft Exchange.

Your pharmacy also has to document the patient’s consent to receive communications by email. Don’t send appointment reminders and other notices without making sure the patient knows they’ll be receiving them and what the risks are involved in doing so.  

Conclusion

In the normal course of a day, HIPAA is a minefield of potential violations that almost any pharmacist or other employee can mistakenly transgress.

If the OCR investigates a patient complaint about a HIPAA privacy violation and determines that your pharmacy was disclosing PHI when communicating via email, every such email can constitute a breach. It wouldn’t take much to be involved in a breach affecting more than 500 patients. 

Having your pharmacy displayed all over media notices and breach reports to the Secretary of HHS can happen just because you didn’t establish HIPAA compliant email and other important practices with your patients. 

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Rick Kuwahara

Rick Kuwahara is COO and Chief Compliancy Officer for Paubox.

Read more by Rick Kuwahara

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022