Health Information Compliance Alert

Published on Mon Jan 12, 2015 PDF

Question: Should we develop some sort of consent form for patients to sign if they indicate that they prefer to communicate with us via email?

Answer: “I definitely think that it’s a good idea to have a consent form — that’s a good term for it,” answers Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems LLC in Charlotte, VT. This type of consent form isn’t strictly a HIPAA authorization because the patient isn’t authorizing the release of protected health information (PHI) for a specific purpose.

But you could have a consent form that basically indicates that the patient has discussed email communications with you and that you’ve explained that there are risks of their PHI being exposed and they consent or prefer to communicate via email, Sheldon-Dean says.

Of course, patients always have the right to require email communications using a secure method, “in which case you need to provide them with an encrypted attachment or a secure portal, or some other means if you’ve got any information in some encrypted way,” Sheldon-Dean advises.