Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.
Professionals have been discussing the need for secure, HIPAA compliant email for years, and especially since so many mental health professionals use email with clients and patients. A 2009 study by the American Psychological Association showed that 9.8% of psychologists polled reported using email for clinical purposes with clients (Jacobsen & Kohout).
In our newsletter, we’ve talked about Hushmail and other popular vendors who offer secured email platforms.
Outlined in the HIPAA Omnibus Rule, just published in January (see our HIPAA’s Final but Sweeping Changes to Privacy and Security Rules), there is increased liability for practitioners as well as vendors. As a result, there is a heightened attention on how we as professionals can hold email vendors more accountable for their claims of HIPAA compliance, or lack thereof.
Here is a list of important questions for us to ask vendors about HIPAA compliant email, generated by a group called Health BI:
- Where exactly will messages and documents reside?
- Explain the data center setup.
- Explain the data security infrastructure.
- What kind of encryption is used?
- What kind of auditing capabilities are provided?
- Explain system redundancy and availability strategy?
- Provide HIPAA compliancy documentations.
- Explain how customers are protected against mishandling of data by recipients of messages
- How much experience does the vendor have in developing solutions for healthcare?
Reference
Jacobsen, T. & Kohout, J. (2010). 2008 APA Survey of Psychology Health Service Providers: Telepsychology, Medication and Collaboration. APA Center for Workforce Studies.
Essential Telehealth Law & Ethical Issues
Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!
Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.
Please share your thoughts in the comment box below.