Email Compliance


Email Compliance under HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) specifies the nuts and bolts of the best practices for patient information protection and privacy. It governs all aspects of data treatment, including email compliance. As medical records move from the age of thick paper file folders into the modern age of computer data, the best practice for observing patient privacy against the backdrop of electronic file systems is now the topic of many a heated discussion.

HIPAA is vague in its demand for email compliance; it merely stipulates that the acceptable best practice should include physical, technical, administrative and organizational safeguards. It fails to clearly define what these best practices entail, who should oversee them, and what forms of email compliance it will accept during an audit.

This has made the move to electronic patient records a double-edged sword for smaller medical offices that may have been afraid of running into problems down the line. Attorneys are now scrutinizing what makes up the best practice – and the acceptable proof thereof – when it comes to email compliance. The consensus among legal professionals currently holds that there is a four-step approach that is likely to meet the best practice compliance requirement set forth by HIPAA.

1. Physical safeguards are understood as pertaining to the actual separateness of the computer terminal that is used for emailing patient files. It should only be accessible to authorized personnel.
2. Technical safeguards may refer to little more than password protection and the use of an encryption system when sending emails.
3. Administrative best practices are tangible compliance checklists, procedure manuals and signed training data sheets that prove an employee’s completion of a patient privacy training program.
4. Organizational safeguards cover everything from who will receive the emailed patient records to who is in charge of finding and attaching them to a basic document in the first place.

While not foolproof, this form of email compliance is likely to satisfy HIPAA standards during an audit.

Further reading: Corporate Governance | Audit | Performance Improvement

Copyright 2017 Best-Practice.com. All Rights Reserved.