E-Mail Policy
I am creating a “new patient” information form for my office. I am trying to decide whether to include a field where patients can write in an e-mail address. I can foresee that it may be useful to e-mail patients with business news, such as how we now accept a new payer or that we are adding a new service, but I am concerned that gathering e-mail addresses without a fixed policy on e-mail will create more confusion than productivity in the office. I have seen that HIPAA recommends or requires encrypted e-mail for doctor-patient communication, for example. What kind of policy do you suggest?
Question: I am creating a “new patient” information form for my office. I am trying to decide whether to include a field where patients can write in an e-mail address. I can foresee that it may be useful to e-mail patients with business news, such as how we now accept a new payer or that we are adding a new service, but I am concerned that gathering e-mail addresses without a fixed policy on e-mail will create more confusion than productivity in the office. I have seen that HIPAA recommends or requires encrypted e-mail for doctor-patient communication, for example. What kind of policy do you suggest?
Answer: I would ask for e-mail addresses. Sending patients notices about new services and the like does not violate HIPAA since you aren’t transmitting protected health information.
That said, you should also put an e-mail policy into place. For now, it’s probably sufficient to say that no patient will receive protected health information (anything that identifies anything about a patient’s health or payment for healthcare as an individual) via regular e-mail. Also, review the guidelines approved by the AMA, AHIMA, and AAFP.
Finally, consider looking into services that provide secure messaging, such as Medem and many others.
Lead through crisis with confidence: A health care leader’s playbook for resilience and reputation
May 6th 2025Proactive crisis readiness equips health care leaders to navigate today’s permacrisis era, protecting brand reputation, sustaining patient‑care continuity, and preserving stakeholder trust when disruptive events strike.
