What is HIPAA Compliant Email for Therapists?

When communicating patient information via email, it is essential to consider whether or not the email provider is HIPAA compliant. For therapists, this is especially important due to the sensitive information that they hold on their patients. So, what is HIPAA compliant email for therapists?

The Risk of PHI Exposure in Emails

There are several considerations that therapists must make when determining whether or not they should use email to communicate with patients. This is because malicious entities often target emails to steal sensitive information. 

Part of HIPAA compliant email communication requires therapists to receive patient consent to communicate with them via email. Additionally, therapists must warn patients of the risk of having their sensitive information in their emails. While therapists can secure their own email communications, it is unlikely that patients will have implemented sufficient security measures to protect them from exposure. As such, using email to share protected health information (PHI) increases the risk of incidental disclosures.

To minimize the risk of accidental PHI exposure on your part, you should consider the following.

Email Errors

There have been many instances in which healthcare workers have caused a breach by sending emails containing PHI to the incorrect recipient. When email addresses are not carefully reviewed before sending an email, inadvertent PHI breaches can easily occur. This is why it is essential to confirm that you have the recipient’s correct email address before sending them an email containing PHI.

Shared Devices

When receiving patient consent to send them emails, it is essential to inquire whether other people have access to their emails. Patients who share computers or other devices with family members may have their PHI unintentionally revealed. In some instances, this concern may deter a patient from receiving emails from their therapist. If the patient has a condition that they don’t want their family members to know about, or the patient is in an abusive relationship, they would likely not consent to email communications.

Tips for Maintaining Patient Confidentiality in Emails

One obligation under HIPAA is to maintain the confidentiality of PHI. As such, you must use secure email, not only when communicating with patients but also when communicating PHI with other covered entities or your business associates.

To protect patient confidentiality, you should take the following steps before sending these types of documents or other documents containing PHI.

  • Check and double-check the recipient’s email address.
  • Do not include PHI in email subject lines. Email subject lines cannot be encrypted, so PHI in an email subject line can easily expose patient information.
  • Do not send group emails, especially to multiple patients. When doing so, other recipients’ email addresses can be easily viewed, which is a HIPAA violation as email addresses are considered PHI.
  • Take a minute to review your email, including email addresses, subject lines, and attachments, to ensure that you are not inadverte