On September 23, 2013, the federal government published its long-awaited final regulations implementing the "Health Information Technology for Economic and Clinical Health (HITECH) Act," enacted as part of the "American Recovery and Reinvestment Act of 2009" (ARRA), described by the head of the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS) as "the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented."*
The following section relates to your email communications with patients:
Emailing PHI – Physicians must also consider transmission security, and may send PHI in unencrypted emails only if the requesting individual is advised of the risk and still requests that form of transmission.*
What does this mean for your practice?
It really boils down to two options:
1) You can proactively talk with every patient to ask whether you can send them information via unsecured email, and document their response. Then keep track of who said yes or no.
2) You can implement a secure, encrypted email product (they are very affordable). Keep in mind that Gmail, Hotmail, Yahoo email, and other web-based email services are not secure and encrypted. Even Outlook is not secure and encrypted unless you have specifically implemented a secure email product.
Our recommendation is option 2. WEO Media can recommend an affordable secure email product that will work with your Outlook email to properly secure and encrypt your emails.