• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

Transmitting PHI by Email

May 27, 2014 By angela burnette

Email has become an important mode of communication for business operations, with approximately 100 billion business emails sent in 2013 alone. Included in these messages are patients’ personal and health information, such as test results, diagnoses, and social security numbers. The Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) regulate the transmission of this sensitive information, known as protected health information (“PHI”), by Covered Entities, and in some circumstances, Business Associates.

Covered Entities are generally health plans, health care providers who engage in certain health care transactions electronically, and health care clearinghouses. Business Associates are persons or entities that provide services to or for a Covered Entity, and as part of providing those services, receive or have access to PHI from or on behalf of the Covered Entity. Business Associates can include accountants, auditors, and lawyers.

Importantly, neither the HIPAA Privacy nor Security Rules specifically prohibit the use of email to transmit PHI. Determining when and under what circumstances to disclose PHI in emails is an ongoing struggle for businesses both large and small. Angela T. Burnette and Swathi Padmanabhan, both of Alston & Bird LLP, have compiled practical guidance to help inform such decision making. Indeed, their recently published article in the American Health Lawyers Association’s Connections magazine, entitled “Tips and Tactics for Transmitting PHI by Email” addresses, among other things:

  • Alternatives to and strategies for transmitting PHI by email;
  • Encryption;
  • Disposal of emails containing PHI; and
  • Lessons learned from recent email breaches that were reported to the Department of Health and Human Services (“HHS”).

The full article can be accessed here. For more questions, or for assistance with HIPAA compliance, please contact Angela Burnette at angie.burnette@alston.com or Swathi Padmanabhan at swathi.padmanabhan@alston.com.

Written by Angela T. Burnette, Counsel, Health Care; Swathi Padmanabhan, Associate, Health Care | Alston & Bird LLP

Filed Under: Health Privacy, Privacy, Regulation Tagged With: Health Information Security, HIPAA, HITECH

About angela burnette

Angela Burnette focuses her practice on many aspects of health law. She handles health care litigation involving issues such as hospital-physician disputes, hospital licensure and investigation, contract, medical malpractice and peer review, successfully resolving matters at the trial and the appellate level.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Recent Exploits of Blockchain Bridges Highlight Need for Cybersecurity in Crypto and Risk of Liability
  • Germany’s Cyber Threat Landscape – Top 3 Lessons from the BKA Situation Report
  • CPPA Board Opposes American Data Privacy and Protection Act
  • SEC Settles Enforcement Actions with Broker-Dealers and Investment Advisors for Identity Protection Deficiencies
  • UK Information Commissioner’s Office Issues Warning on Ransomware Payments
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.