HIPAA clarification allows patients to receive health information through unsecure email

The dental practice must also provide a warning that there is some risk the protected health information could be read or accessed by a third party while in transit. If the patient still wants to receive their information through an unencrypted email, the dental practice must comply, as reinforced in new guidance issued by the Office for Civil Rights.

The new guidance also confirmed that while covered dental practices are responsible for adopting reasonable safeguards, if the information is compromised during the transmission, the dental practice is not required to notify the patient or federal government that there has been a breach, because the patient agreed to the risks of having their protected health information transmitted in an unsecure manner.

The law does not permit a health care provider to require an individual to accept unsecure methods of transmission in order to receive copies of his or her health information. The Office for Civil Rights says it issued the new guidance to stress the importance of providing individuals access to their health information.

“Providing individuals with easy access to their health information empowers them to be more in control of decisions regarding their health and well being,” according to the Office for Civil Rights website. “For example, individuals with access to their health information are better able to monitor chronic conditions, adhere to treatment plans, find and fix errors in their health records, track progress in wellness or disease management programs and directly contribute their information to research.”

The ADA Complete HIPAA Compliance Kit (J598) has information about patients’ requests to obtain copies of their medical records in chapter 2.  The HIPAA kit is available at ADACatalog.org and is $300 for members and retails for $450.

For more information about HIPAA, visit hhs.gov/hipaa.