E-mail Communication with Patients in the Wake of the HIPAA Final Security Rule

Over the last decade, the popularity of e-mail communication between doctors and patients has risen steadily. The asynchronous nature of e-mail provides convenience and more effective use of time for both parties; patients can make appointments or get prescriptions. Physicians and their staffs can provide lab results or patient follow up more efficiently. E-mail also provides an electronic 'paper trail' of such transactions that can be maintained in the patient's medical record. The Health Insurance Portability and Accountability Act (HIPAA) passed by Congress in 1996 introduced sweeping rules governing the privacy and security of all forms of patient information. On February 202003 the Department of Health and Human Services (HHS) responsible for the implementation of HIPAA released the HIPAA Final Security Rule which focuses on the protection and privacy of electronic patient information. The Final Security Rule places broad restrictions on how electronic data containing patient information including e-mail is stored and transmitted. The final rule could have a profound effect on doctor/patient e-mail communications. This paper will explore the issues that the HIPAA regulations raise with doctor/patient e-mail communications and will discuss some possible solutions.