Maintain HIPAA Compliance While Communicating with Labs and Specialists

Aspida Ad Oct2015In cooperation with my friends at Aspida, we’ve launched a new column to the site, the Compliance Corner.  Each quarter, we’ll feature a new article about HIPAA compliance, regulatory news, keeping patient data private & secure, and other topics to help keep dental practices and their patients safe.  Here’s the second article from Laura Miller, Compliance Manager at Aspida.  It’s a quick read on the importance of encrypted email, even, or especially, when communicating with labs and specialists.  Enjoy!

Any healthcare provider depends on their community of colleagues to facilitate and grow their own business. With outsourcing lab work to designated labs, sending referrals to specialists, receiving referrals from specialists – there’s a carousel of constant communication. Within these communications, there are regulations and mandates applying to HIPAA. The Department of Health and Human Services addresses if these sorts of communications are permitted and under what restraints.

Does the HIPAA Privacy Rule permit a doctor, laboratory, or other health care provider to share patient health information for treatment purposes by fax, e-mail, or over the phone?

Yes. The Privacy Rule allows covered health care providers to share protected health information for treatment purposes without patient authorization, as long as they use reasonable safeguards when doing so. These treatment communications may occur orally or in writing, by phone, fax, e-mail, or otherwise. (

The caveat that we’ll be dissecting here is “as long as they use reasonable safeguards when doing so”.
If using the phone, this may include confirming the party on the other end. When sending a fax, it’s best to ensure you have the most updated fax number and are meticulous when inputting the data.

However, when it comes to emailing Protected Health Information (PHI), these simple, elementary safeguards may not be enough. We can cross reference the standards from the Federal Register to understand encryption is the most efficient way to do this.

Technical safeguards: Implementation specifications – § 164.312(e)(1) Transmission Security – Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

The easiest way to do this is to utilize an encrypted email system. Encrypted Email is a method used to secure the email messages to protect the content from being read by other entities than the intended recipient. Email encryption may also authenticate the user requesting permission to view.

When looking for an encrypted email provider, ensure that their safety mechanisms are up to par with those recommended by the National Institute of Standards and Technology (NIST), which recommends “whenever possible, AES should be used for the encryption algorithm because of its strength and speed”. AES, or Advanced Encryption Standard, is a symmetric cipher used to protect sensitive data. This encryption technique was adopted by the US Government in 2000 as a new recommended criteria for encryption standards.

What information needs to be sent securely? Any PHI, which is any identifiable data. This includes name, address, social security number, birthdate, credit card number, date of service, provider and more.

Happy (secure) communicating!

About the Author:
Laura Miller is Compliance Manager of Aspida, which has quickly established itself as an industry leader in providing compliance security products and services for healthcare providers.  Their first product to market, Aspida Mail, offers medical practices affordable Encrypted Email without compromising security.
Miller has over 8 years of experience in the healthcare industry including 3 years with a primary focus on HIPAA Compliance procedures.

Thank you for reading!  And as a special Thank You, Aspida is offering readers of this site an exclusive discount on your first three months of Aspida Mail – get the first three months for $3 with Promo Code “DUNN”.  Click the button above to take advantage of this incredible offer.


About jmichaeldunn

A self-proclaimed "dental geek", I am passionate about the dental industry, oral health, and dental technology marketing. I have spent the last decade in various marketing capacities for dental technology companies. I enjoy talking about dental marketing with just about anyone and helping companies grow through developing innovative and integrated marketing communications campaigns.
This entry was posted in Business of Dentistry, Dental Technology, Digital Dentistry, Guest Contributors, How to ..., Products and tagged , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s