- gMed - https://clients.gmed.com -

HIPAA Reminder – Emailing and Communicating with PHI

Do your patients request information be sent to them via email, such as a receipt for an office visit? If your email contains any information regarding a patient and/or their services or their claim, it may contain protected health information (PHI) belonging to that patient and should not be emailed without encryption. As a reminder, emails sent to patients directly from our Practice Management system are not encrypted.

When sending emails that contain PHI, you should save the requested information as a PDF and either send the document from your practice email system using an email encryption tool or upload the document into the patient portal for the patient to access directly.

Please note: When personally identifiable information (PII) is combined with a person’s physical or mental health diagnosis or condition, health care services received, or one’s payment for that health care, it becomes PHI.

The following is a list of the 18 identifiers that the Health Insurance Portability and Accountability Act (HIPAA) identifies as PII.

This information can be used to identify, contact, or locate a single person, or could be used by combining the identifier with other information to identify a single individual.