3 critical reasons your dental practice should be using encrypted email
HIPAA violations can be costly and seriously damaging, but encrypted email can help protect patient information.
As many of you know by now, suffering a breach of your data can be devastating to a practice. It would require notifying all patients, as well as the local media, about the breach, not to mention the fines and penalties that would need to be paid.
The most common form of a breach is a lost or stolen mobile device such as a laptop or external hard drive. One of the next most common forms of breach is through email.
Should offices be using an encrypted email system to send patient information? In my mind, yes, with a few caveats.
HIPAA considers encryption to be an "addressable" rule, meaning that if it's reasonable and appropriate, you must do it. If not, you must either come up with an alternative or document why you believe no alternative exists. Considering the high risk of data compromise with unencrypted email, almost everyone would consider encryption to be reasonable and appropriate. Most encrypted email systems run around five to ten dollars per month for each email account.
The Safe Harbor Method
One option (not one I recommend) is the Safe Harbor Method. What this basically says is that you can send ePHI (electronic Protected Health Information) as long as you remove all identifying information. So, let's say you want to send another office a digital X-ray of a patient. To meet the Safe Harbor Method, you would send the X-ray with literally no other information: no name, initials, chart ID, facial photo, nothing.
While this is an easy solution for the person sending the email, it's not so great for the recipient. Imagine you are a specialty practice and you get five to 10 emails per day that include X-rays but no other info. You'll have to call the sender, figure out who the patient is, get the image into the software, etc. It will be a real pain.