Emails are protected by HIPAA regulations.
The Health Insurance Portability and Accountability Act (HIPAA) is the act requiring that privacy and security be given to any communications regarding health and medical records. If a medical facility is sending an email, there are regulations that need to be followed to ensure the patient's privacy is maintained.
Security
HIPAA requires that medical offices ensure their computer networks are secure. Firewalls and virus protection are just some of the things facilities can use to ensure that no one can hack into their systems. With security measures in place, emails can be sent within the office without fear of being intercepted by an outside person.
Notices
At the bottom of every medically related email, notices must be placed. These notices simply state that the information in that email is private and should not be forwarded. They also let recipients know that if they are not the intended recipient, they should contact the sender and inform them of the mistake immediately. To reduce the chance of this happening, the sender should always verify that email addresses are correct before sending. Sending to the wrong recipient can be considered a HIPAA violation if it is not shown that the sender attempted to verify the correct information before sending.
Encryption
Encryption is the process of scrambling emails like a code. The recipient has to type in a password to receive and read the information. The password should never be sent in the same email, even in the subject line. The best way to convey a password is over the phone, as an added security measure.
Subject
The subject in a medical email should be as generic as possible to avoid others seeing private information. The name, date of birth, or account number of the patient should never appear as a headline or in the subject line.