5 Risks of Using Email to Share Health Records, Files, and Personal Health Information
While email offers many benefits for a medical practice, it also poses risks to the privacy of your patients and compliance risks for your healthcare providers.
It is important that we and other care providers understand what the risks are and take steps to mitigate them.
The 5 Risks Of Communicating PHI by Email:
No matter where you are located, whether it be the US, Canada, UK, Europe, Australia, or anywhere else, all regions now have strict rules around how to handle health records and personal health information.
Generally, rules state that healthcare practices have a duty to ensure that health records in their control are retained, transferred, and disposed of in a secure manner. They are also required to take reasonable steps to protect personal health information against theft, loss, and unauthorized use or disclosure.
The problem today is that many healthcare practices use email to share results and records with their patients and referring practitioners, which leaves us exposed to possible breaches in data privacy, like unauthorized use or disclosure of information.
Even if you are using a totally encrypted email service, here are a few risks we need to consider.
1. Email Sent to the Wrong Patient or Practitioner.
Email can be sent to the wrong patient or practitioner just by mistyping an email address or using the autocomplete feature. Even if it’s encrypted, that doesn’t prevent it from landing in the wrong inbox, leaving you exposed to unauthorized disclosure.
2. Emails Not Received or Marked as Junk/Spam
This is one of the most important risks, in my opinion, because with email you don’t always know if a health record or file was delivered and opened successfully by the intended recipient. This is especially important for clinically significant findings where time is of the essence.
How many times have you heard back from a patient or referring practitioner saying they didn’t get their results back, or asking when their results will be ready, when you had emailed them weeks prior?
3. Email is Portable
Email is often accessed on portable devices, such as smartphones, tablets, and laptops, which are vulnerable to theft and loss.
4. Email Has No Controls or Audit Trail
After an email is sent, the original sender has no control over what happens to it. The email and information in it can be forwarded or changed without the knowledge or permission of the original sender. Email also doesn’t automatically update your electronic medical record system with notes that you have shared these files with a patient or practitioner.
5. Email Retention and Disposal of PHI, and the Shared Inbox
A lot of practices use a shared inbox with no visibility on who has access to the previously sent records at any given time. Patient records are often mixed in with other emails like newsletters, supplier emails, and questions from patients. This makes it hard to properly retain or delete personal health information if it’s buried in the history of your outbox.
Most of the issues with email simply come down to human error. Even if you are using safeguards like encryption, strong passwords, malware scanners, and physically restricting access to systems, these don’t mitigate simple human error.
What alternatives can we use to share information with patients?
I’m not going to suggest fax, USBs, CDs, or traditional file-sharing services like Dropbox or Box, since these don’t fit into the healthcare workflow, don’t integrate with your electronic health record system, and a shared link can have the same issues as email.
We want to be using a secure patient portal or healthcare-focused file-sharing system (e.g., Health Docs).
Whether you use Health Docs or not, you need a system that:
• Is healthcare-first, with the compliance, data residency, and security needs of the healthcare industry built in
• Provides audit trails of who accessed the documents and when
• Gives visibility of what results have been delivered and opened and which have not, so you can follow up to ensure delivery of urgent results
• Integrates with your existing systems
• Is easy for you and your front desk to use and manage
This is why we built Health Docs.
Health Docs is a compliant, end-to-end encrypted health record and file-sharing system that easily fits into any healthcare workflow and ensures results get delivered to the intended patient or provider.
So if you are ready to say goodbye to email and fax, contact me for a demo today. Visit https://healthdocs.com/