Understanding the Difference Between Email and Secure Messaging with Regard to HIPAA

You can use Chart Talk to communicate with your patients for patient reminders, patient communication, appointment requests, and new patient sign-up. Before you start sending patient communication, let’s review what Protected Health Information (PHI) is and what you can do to.

By definition, PHI is:

"The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes."
- Dept. of Health & Human Services

When working with PHI, we want to make sure that communication regarding personally identifiable health information is sent only via secure channels.

Chart Talk messaging is a secure channel.
Chart Talk Secure Messaging
  1. Chart Talk Messaging is accessed via the patient portal to ensure security.
  2. All messages are encrypted from point to point and in the database itself.
  3. Chart Talk Messaging has been certified to meet CMS 2014 EHR requirements regarding patient secure messaging.

Email is not a secure channel.
Email Reminders
  1. Including patient appointment time is OK. When possible, don’t include the patient name. See Chart Talk default email reminder template.
  2. Do not include patient identifiable demographics, diagnosis, test results, treatment plans, etc.
  3. Use email to drive patients to the secure patient portal.