Part three of this blog deals with HIPAA concerning emails and texts originating from the patient and a wrap-up of dos and don'ts.
The patient may use unencrypted emails and texts to communicate with providers because HIPAA applies to health care providers and not the patient. Unless the patient has specifically stated otherwise, the provider can assume that responding to the patient using unsecured texts and/or emails is acceptable to the patient. Patients probably have no idea of the risks of using unencrypted texts and/or emails, and therefore, the provider may want to educate the patient and have signed consent and a preference form from the patient before replying to their email or text.
Signed HIPAA consent should also include a section regarding emails and texts that confirms the patient's preferences regarding communication. The Telephone Consumer Protection Act (TCPA) is a federal law protecting consumers from unwanted calls and faxes. TCPA prohibits making pre-recorded or auto-dialed texts and calls to cell phones without the prior consent of the party being phoned or texted. This refers to auto-generated appointment reminders. Violating this law can cost the violator $500 per violation, that is, per call or text.
The bottom line is to have every single patient sign a HIPAA consent form that includes a section on emails and texts and the patient’s preferences regarding this communication.
One last note: including a confidentiality notice or disclaimer in an email doesn’t make the email HIPAA compliant. An email containing PHI that originates from the practice and goes outside of the office must be sent through an encrypted server.