That Privacy Act – HIPAA – seems sometimes complicated with all its rules about protecting patient information, while at the same time hopefully making the medical part of the record available to related providers, and improving patient care.

The act permits providers to communicate electronically to patients with both email and text, as well as make the clinic or hospital record system available online to patients. It seems that unintentional disclosures keep popping up.

With email, it’s a good idea to confirm email alerts to patients reminding them of their agreement to such communication before sending actual information. Providers should try for encrypted email or at least limit what can be disclosed if email is not encrypted. Patients may refused such communications but it’s safe to assume that if not prohibited by the patient, it is acceptable. So, ask and document that permission.

HIPAA Complaint Email statement (attached to the bottom of every email):

    The information contained in this transmission may contain privileged and confidential information, including patient information protected by federal and state privacy laws. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution, or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

In the provider’s office, it is important to note potential violations. Have you been in such an office and heard the receptionist ask a patient for a full name, birthdate, verify an address, phone number, insurance company? How about a pharmacy tech who asks the same questions to the person ahead of you in line? Every single question and its answer is protected health information and those providers are in violation.

Office Policies and Procedures

    Review with staff all the potential scenarios of exposing protected information from others.

A single infraction of the rules may result in thousands of dollars in fines and penalties. Keep in mind that the problem is not limited to communications with the patient regarding medical information but when providers message staff or even other providers. All of the HIPAA rules and regulations are incorporated into the training material provided by Visit for the variety of cutting edge training and certification available.