Health Information Compliance Alert
Reader Question ~ SIGN BEFORE TEST RESULTS GO ON THE NET
PDF
Question: If a patient wishes to have test results sent to him via e-mail and has signed a consent form for this communication with the understanding that our office does not encrypt the message, are we still permitted to send this information along to him? Do we have any other responsibilities under HIPAA in regard to this request?
Answer: In this type of a situation, it would be advisable to have the patient sign an authorization to disclose protected health information via e-mail, says Laura Scallion, president and CEO of AllSource Technical Solutions, Inc in Portland, OR. "The authorization should include language that clearly informs the patient that e-mail is not encrypted and the Internet is not secure. If the patient authorizes, it's permissible to send the results via e-mail," she notes.
Now, as far as when you should have the patient sign this authorization form, Scallion advises entities to provide it to the patient only upon request. "Some people still have no idea what to do or how to use e-mail, so if it's included at sign-in, they would be signing something they knew nothing about - it would cost more time involvement for the admitter in explanation of what they are signing," she says.
The Bottom Line: You are permitted to send non-encrypted documents containing PHI to patients via e-mail as long as you first obtain a signed authorization from the patient explaining that transmissions sent over the Internet have vulnerabilities or are not 100 percent secure.
Health Information Compliance Alert
- PRIVACY COMPLIANCE ~ 8 Questions To Ask When Drafting HIPAA Sanction Policies
Have you recently taken a look at your list of what constitutes a violation of [...] - Electronic Health Records ~ You Could Soon Get Help Upgrading Your Computer Systems
CMS, OIG loosen up on donations of e-prescription, EHR systems. Hospitals will be able to [...] - You Be The Security Expert ~ Do We Need A Backup For Our Audits?
Read the situation below and decide how you would handle it before you compare it [...] - Privacy Compliance ~ Use This Advice To Prevent Privacy Breaches In Your Clinical Lab
Direct or indirect treatment provider? Know your obligations. Many labs may still be unsure about [...] - Privacy Tips ~ Fine Tune Your Lab's HIPAA Compliance With These 3 Tips
Don't let lab data streams spill over into privacy violations. While clinical labs may occupy [...] - Training ~ Keep HIPAA Simple:
Link Privacy Training To Jobs For Best Results
Are your business associate relationships properly labeled? Teaching staff about HIPAA can be daunting, but [...] - Reader Question ~ "MARKETING," "RESEARCH" OR JUST PLAIN QA?
Question: I work for a chemical dependency care facility, and we're considering creating new services [...] - Reader Question ~ PHI DISCLOSURE AND THE BADGE
Question: Here's a hypothetical situation, but one that happens all too often: A traffic accident [...] - Reader Question ~ SIGN BEFORE TEST RESULTS GO ON THE NET
Question: If a patient wishes to have test results sent to him via e-mail and [...] - INDUSTRY NEWS ~ Will Your Computers Be Able To Talk To Each Other?
House and Senate set to hash out fate of health IT. Stay tuned: You could [...] - Compliance Tool:
2 Response Letters Keep Patients Posted On Complaints
Put your actions in writing and protect against further criticism.
Don't let your patients think that [...]