• E-mail
• Print
• RSS

Can someone e-mail patient information to a registration department?

Patient Financial Services Weekly Advisor, May 31, 2007

Q: A provider affiliated with or employed by a covered entity would like to e-mail patient demographic information to the covered entity's registration department to expedite the registration process for his patients. Is this HIPAA-compliant?

A: Such e-mails from the provider to the covered entity's registration department would comply with the security rule's implementation specification relating to securely transmitting patient information only if the provider sent the e-mail from inside the organization (within a closed network or not over the Internet) or if he encrypted the e-mail before transmitting it from another site over an open network or the Internet. It is wise to encrypt transmissions within an organization if the information is especially sensitive, but HIPAA does not require this.

Editor's note: Chris Apgar, president of Portland, OR-based Apgar & Associates, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.

• E-mail to a Colleague
• Print
• RSS
• Archive