This month’s lesson is a short one and serves as a reminder that email, by default, is not a secure way to send information. While it is easy to use, you should not do it. In addition, before sending a patient their own information via email, make sure you have a release signed by the patient that they wish to have their information sent via email.

Email passes through many servers on its way to the recipient and each of these servers can make a copy of the email. This means that the protected health information contained in the email is how on, potentially, many servers.

Email can be used if you utilize encryption. There are many ways that this can be done from built-in encryption for Office 365 or encrypting PDF attachments. Most PDF-creating programs offer an option to password-protect and encrypt the PDF file.

Another option is to stick to sending patients’ information through your EMR’s messaging portal.

The key takeaway for this month is just to keep in your mind that while email may be very handy and easy to use, it is trivial to intercept and therefore is not a secure way of sending protected health information. You also want to make sure that you have a signed release from the patient indicating they wish to receive information via email.