Can I email my acupuncture patients?
Have you ever had a situation where your patient asked you for a copy of their SOAP Note or Superbill? And, attaching it to an email and hitting send would be so easy.
Before sending that email, you might want to think twice!
Technology can sometimes be a double edged sword. On the one hand, it’s enabled us to do things easier and quicker than before. But at the same time, it can also make things riskier and enable bad things to happen.
Let’s talk about email security today.
Why is email insecure?
Email is inherently insecure because your email has to pass through many servers before getting to its destination. So, while, you might have written your email with GMail, which has SSL encryption. You’re not guaranteed that the servers in between GMail and Yahoo Mail will have SSL encryption, which enables someone to easily see the data going through the network.
Here’s a cool image I created, illustrating an acupuncturist emailing her acupuncture patient. The green arrows indicate that the data is encrypted and the red arrows show unencrypted information.
Also, since, the email passes through several servers, you don’t know how these servers are storing the email. The best case scenario is the email is immediately relayed from one server to the next.
However, often times, for performance reasons, a server will cache the data on the server by making a copy. The cache could live on the server indefinitely, allowing someone to see the email, if they had access to it.
Avoid Emailing PHI
The main thing to be careful of when sending emails to patients is the transfer of protected health information or PHI.
PHI is anything linking a patient to her health situation or treatment.
To be safe, avoid sending emails containing a patient’s health history, ICD-10 codes, and CPT codes.
In conclusion, here’s a motto about corresponding with patients through email, “When in doubt, don’t send it out!”
One day email will become secure enough for us to send patient sensitive information. Until that day comes, it’s best to avoid emailing PHI and be on the safe side!
Questions? Let me know in the comments below. I’d love to hear from you.
Minto Tsai
Founder
P.S. If this helped you, please Like, Share, email… all the social network love you can give!