There has been a lot of talk about this lately: HIPAA-compliant email.
First, you need to realize that standard email is NOT a secure method of transmitting ePHI.
Most private practices don’t have secure email.
Many hospitals do.
Should you have it?
My argument is no.
There really is no reason for it.
A hospital may be able to make the argument for a secure email system, and justify the risk.
Most private practices just shouldn’t bother.
The first thing one needs to realize is that, even if you have a secure email system at your office, sending an email to another office may not be secure.
You don’t know.
Additionally, you run a further risk: your staff may get used to emailing and then, out of habit, send a patient’s data to a non-secure email system.
Our recommendation has always been to use an “internal messaging system”.
This would be a system that allows the sending of emails within the office only.
This limitation prevents PHI from being transmitted outside the office while still allowing an increase in productivity within the office.