Corporate Compliance

Tip: Retain patient emails

Compliance Monitor, February 25, 2009

HIPAA requires covered entities to manage electronic protected health information , including that in e-mail format. Many organizations do not accept patient e-mails. However, if your organization does accept them, consider printing and filing them in the patient’s record.
 
If your organization uses electronic health records (EHR), archive and retain them as you would any other part of the medical record. Your legal EHR policy should specify what the record does and does not include.
 
New amendments to the federal rules of evidence state that e-mails are fair game during litigation. Remind staff members that, like patients, they are not exempt and that their e-mails should not include information they don’t want a patient or attorney to read.
 
This tip was adapted from an article appearing in the March 2009 issue of Medical Records Briefing titled “HIPAA refresher: Faxing PHI, retaining patient e-mails, using whiteboards, and more. Chris Simons, RHIA, director of HIMS and privacy officer at Spring Harbor Hospital in Westbrook, ME, provided the questions and answers.

Most Popular