• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Use of encryption

Article

Must the e-mail that I use to send medical information to a patient over the Internet be encrypted?

Q:Must the e-mail that I use to send medical information to a patient over the Internet be encrypted?

A: That depends. Under the security rule, encryption is "addressable" but not necessarily required. That means, before doing anything, you must first determine whether implementation is "reasonable and appropriate" for your practice. If it is (because you send out a high volume of very sensitive information, for instance), you must address that fact by, in this case, adopting the appropriate encryption software or system. If you determine it isn't reasonable and appropriate for your practice to encrypt e-mail but the security standard can't be met otherwise, you must document your reasoning and implement an alternate means to meet the same goal. Some security consultants suggest encrypting all e-mail since, they argue, it's often easier to explain to the government why you've done something rather than why you haven't. But for small practices, this could be cumbersome and expensive, so use common sense when in doubt.

Related Videos
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health