KENTUCKY REGIONAL EXTENSION CENTER

Avoid using email to transmit ePHI to patients without first evaluating the risks involved by speaking with your HIPAA Privacy/Security Officer and/or IT department. They may have solutions for you to consider, such as email encryption software or an email encryption service to encrypt the messages. If your organization does not use encryption software for sending emails that contain PHI, the information sent in those emails is not secure and could possibly cause a breach of patient information.

This reminder is part of a series of HIPAA Security Reminders from the Kentucky Regional Extension Center. These reminders can be used by covered entities and business associates looking to comply with the HIPAA Security Rule’s CFR §164.308(a)(5)(ii)(A), which states, “Security reminders (Addressable). Periodic security updates.”

Feel free to share this with your workforce/staff to remind them of the importance of safeguarding protected health information (PHI), especially PHI that is in electronic form (ePHI). A new security reminder is posted at the beginning of each week. If you have any questions, or would like to speak to someone at the REC about HIPAA Privacy and Security, please call (859) 323-3090.