Chapter 4: Other Technological Risks for Mental Health Professionals
Part 1: HIPAA, Email, and Your Mental Health Practice
As you know, it's your responsibility to ensure your patients' protected health information is secure, but whenever this data is transmitted, there's the risk that it could be exposed and your practice could be penalized for it.
So while HIPAA's Privacy Rule doesn't prohibit communicating with patients via email, the onus of ensuring that proper security measures are in place is on you. According to the Security Rule , you must implement policies and procedures to restrict access to and guard against unauthorized access to e-PHI. HIPAA does allow e-PHI to be sent over an electronic open network as long as it's adequately protected.
HIPAA allows e-PHI to be sent over an open network as long as adequate security measures are otherwise taken.
Remember, too, that under the Privacy Rule , your patients have the right to request alternate forms of communication if they are uncomfortable with email.
Next: Part 2: On Encryption