HIPAA Email Rules Your Medical Practice Should Be Following

It’s increasingly important for a good medical practice to communicate with its patients, and one of those options is via email.

Well, there might be a better way to word that. Here’s another.

Every practice should be able to communicate with their patients via email in the correct, secure way. Some info might cross a line, while some information might be unnecessary. It might be confusing whether or not your message is appropriate.

That’s why it’s important to follow HIPAA email rules. While it might seem like a distraction, following these rules can mean the difference between sending an email and breaking the law.

If you’re worried, don’t be–we’ve got you covered. Here are some good email rules to follow.

Encrypt, Encrypt, Encrypt: the Best of the HIPAA Email Rules

For several years now, hackers and internet thieves have gotten more confident and greedy. They look for personal information about people, so they can steal identities and money.

That might explain why in recent years, the use of email encryption has risen dramatically.

Encryption is one of the most effective ways of protecting the information you send in emails. Encryption makes it more difficult for hackers to gain access to the content in your emails.

As a medical practice, your communication with your patients will contain vital and private information about them. That means you must encrypt your emails as a safeguard against the people who would steal the information from your emails and use it against you or your patients.

If you don’t, you can quickly end up in a world of hurt.

Keep Records of Your Interactions

Despite your best efforts to keep your emails secure, something could still go awry. Your message could end up in the wrong hands, or you might accidentally include some words that you shouldn’t have.

So, what’s the big deal?

Every year, over three billion dollars are doled out by medical officers during lawsuits in the US alone.

You might be having a normal day when suddenly, a notice comes into the office saying you’re being sued for revealing private information.

It doesn’t matter if your patient is being unreasonable. Maybe you’re totally in the right, and this lawsuit is completely unreasonable.

Voila, lawsuit. How can you deal with this expeditiously in a way that doesn’t disrupt the practice?

Well, if you’ve archived all your emails, then you’ll be able to easily prove that you’re right.

That’s why maintaining a record of your email interactions is one of the most important HIPAA email guidelines.

By keeping an organized filing system for your past emails, you’ll have a solid record of all communication with your patients. That will allow you to quickly find the truth when facing someone trying to get money from you.

Check with your email server to figure out how to best archive your email material. And make sure you keep contact with everyone involved in the process.

Communicate with Patients

When you’re dealing with HIPAA email rules, there’s a lot to worry about on your end. So much that you might forget that this is a two-way street.

Your patient is the one whose information you’re dealing with, so of course they should be involved. But they also could help you out.

Sometimes, HIPAA email rules are vaguely defined. The line between acceptable information and unacceptable information to email about is often blurry.

Your patient can often set the bar of acceptable material to email about. If your patient emails you something, it’s safe to assume that they are fine with you emailing about the same topic.

That means you can email them about that topic freely. Your thoughts on a diagnosis, for example, can be emailed directly to the patient.

The flip side of this scenario is that patients don’t email about certain subjects. In that case, it’s safe to assume they do not want you to email them about that topic.

We are still talking about only using encrypted email, of course. And while your patient may take the initiative, we still strongly encourage you to get written approval from your patients of what you can and cannot email them about.

But what if they’re unclear about what’s ok to email about? What if you think the information is very pressing?

In this case we recommend you play it safe and not email them.

Don’t Get Trigger Happy

It’s very important to balance the information you feel you need to tell your patient with a concern for their privacy.

Aside from general information which you email about, it’s usually best to sit on information unless you have consent from the patient, explicitly spoken or written.

A reasonable solution is to send an email to your patient and suggest they come in for an appointment or to set up a phone conversation with them.

Or, you can send an email asking whether it’s all right to email about a certain topic. Usually, it’s best to send the second email in a conversation, after your patient has already sent you a message.

The rules about phone calls are different from emails, and that can sometimes let you open up a bit more than on email.

Lean on Available Resources

The importance of protecting your data, and also patient privacy, cannot be overstated.

That’s why HIPAA security is so important. But it can seem overwhelming to keep track of the security all by yourself.

It’s important for you to recognize that you’re not alone in the fight against hackers and immoral patients. There are plenty of services out there which are designed to provide technical security to people just like you.

Check out our site for more information regarding how you can improve your HIPAA security. There are plenty of situations you could be in, and plenty of potential solutions you could use to fix the issue.

Follow the Rules

By sticking to solid HIPAA email rules, you’ll be able to operate your practice more efficiently by communicating via email with your patients.

While it might take a while to get used to them, eventually they’ll help you run the practice more efficiently than ever before. That means fewer headaches for you, plus better sleep at night.

Feel free to reach out today if you have any more questions about HIPAA email rules. Good luck!

HIPAA Security Reminders


HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
