The Risk of PHI Exposure in Emails
There are several considerations that therapists must make when determining whether or not they should use email to communicate with patients. This is because malicious entities often target emails to steal sensitive information.
HIPAA-compliant email communication requires, in part, that therapists receive patient consent to communicate with them via email. Additionally, therapists must warn patients of the risk of having their sensitive information in their emails. While therapists can secure their own email communications, it is unlikely that patients will have implemented sufficient security measures to protect that information from exposure. As such, using email to share protected health information (PHI) increases the risk of incidental disclosures.
To minimize the risk of accidental PHI exposure on your part, you should consider the following.
There have been many instances in which healthcare workers have caused a breach by sending emails containing PHI to the incorrect recipient. When email addresses are not carefully reviewed before sending an email, inadvertent PHI breaches can easily occur. This is why it is essential to confirm that you have the recipient’s correct email address before sending them an email containing PHI.
When receiving patient consent to send them emails, it is essential to inquire whether other people have access to their emails. Patients who share computers or other devices with family members may have their PHI unintentionally revealed. There are some instances in which this concern may deter a patient from receiving emails from their therapist. If the patient has a condition that they don’t want their family members to know about, or the patient is in an abusive relationship, they would likely not consent to email communications.