Physician Practice

Q&A: You’ve got questions! We’ve got answers!

Physician Practice Insider, January 24, 2017

Submit your questions to Associate Editor Nicole Votta at and we will work with our experts to provide you with the information you need.

Q. Are we required to use encryption on all email, or only email that contains protected health information (PHI)?

A. You are not required to use encryption if the email does not contain PHI. It is sound practice, though, to encrypt email if it contains other confidential information like internal financial information, practitioner disciplinary information, information related to a lawsuit, and so forth. There is always the risk of interception. Confidential information in the wrong hands can get rather expensive for the organization.

Editor’s note: Chris Apgar, CISSP, president of Apgar and Associates, LLC, in Portland, Oregon, answered this question for Briefings on HIPAA. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS. Email your questions to Associate Editor Nicole Votta at

Most Popular