HIPAA and Email


HIPAA and Email: Don’t Send a HIPAA Violation

In a world where lawsuits are a dime a dozen, it’s important to be on top of understanding even the smallest of HIPAA violations. It can be all too easy to slip and unknowingly commit a violation. This not only puts you as an individual at risk but your company or business as well. HIPAA violations are taken very seriously and it’s not easy to avoid consequences if one is caught and reported. Email is one of the easiest ways to accidentally produce a violation. It’s important to be aware of these potential issues so they can be avoided.


To meet HIPAA guidelines, certain information sent through email must be encrypted. Although some information is safe to send without encryption, it’s easiest and best to always encrypt emails as a precaution.

Using Email in General

A few guidelines apply when email comes into the picture, especially in the medical field. For example, if a patient or client initiates a conversation over email, guidelines state that it’s safe to assume they are satisfied with communicating in such a manner. However, The Fox Group states, “If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications.” In other words, it may be a good idea to always make sure someone is comfortable with, and aware of, using email for the business being conducted. This is not only for their safety but for the company’s safety as well.

Of course, just because someone gives permission doesn’t mean anyone has leeway to use email for just anything. There is still certain information that can never be sent over email, secure or not. This information does not become exempt just because some security came into play. However, for the most part, a large quantity of information can be sent through email as long as the correct precautions are taken.

Staying Current

It’s almost impossible to break away from email entirely when it comes to customer/client/patient communications. Email still functions as a very common and easy way to communicate with people of importance. If your business doesn’t stay current with communication options like this, it will be easy to lose business. Therefore, have your email covered by an effective layer of security. Double-check with the person you’re communicating with to ensure they are comfortable with that sort of information being passed through email. Lastly, setting limits on the level of confidential information you will send over email will ensure protection. The Fox Group states, “Providers must take steps to protect the integrity of information and protect information shared over open networks.” In other words, just because the communicator may be okay with it doesn’t mean you should be if it could possibly harm patient/client/customer integrity.


Steve Boullianne, Multiple post-graduate degrees, Mind/Body/Spirit enthusiast, & a member of Mensa. Loves Skiing, Scuba, and Food. Steve’s First job out of college was programming satellites for AT&T. Founded IPSOFACTO in 1996, Y2K boom, e-Commerce super success, 2.1 boom. Steve is ready to Mediate high quality for all life, our one planet, and human kindness. Loves to dance and tell jokes. Steve believes that Excellent Communication is key to human success (and failure). Steve has 3 sons who are his STARS. They will carry the world into a brilliant future. Since 1996, Steve has been a volunteer drug and alcoholism counselor in the Bay Area. The power of the Great Spirit is in you. Steve is a good friend to have.