Do your patients request information be sent to them via email, such as a receipt for an office visit? If your email contains any information regarding a patient and/or their services or their claim, it may contain protected health information (PHI) belonging to that patient and should not be emailed without encryption. As a reminder, emails sent to patients directly from our Practice Management system are not encrypted.
When sending emails that contain PHI, you should save the requested information as a PDF and either send the document from your practice email system using an email encryption tool or upload the document into the patient portal for the patient to access directly.
Please note: When personally identifiable information (PII) is combined with a person’s physical or mental health diagnosis or condition, health care services received, or one’s payment for that health care, it becomes PHI.
The following is a list of the 18 identifiers that the Health Insurance Portability and Accountability Act (HIPAA) identifies as PII.
This information can be used to identify, contact, or locate a single person, or could be used by combining the identifier with other information to identify a single individual.
- Address (all geographic subdivisions smaller than state, including street address, city county, and zip code)
- All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89)
- Telephone numbers
- Fax number
- Email address
- Social Security Number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate or license number
- Any vehicle or other device serial number
- Web URL
- Internet Protocol (IP) Address
- Finger or voice print
- Photographic image – Photographic images are not limited to images of the face.
- Any other characteristic that could uniquely identify the individual