 |
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
||||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
 |
 |
 |
 |
 |
 |
|
|||||||
Email Confidentiality Policy
New directives (rather onerous ones) are being enforced with the HIPAA laws in the US (summarized below). By definition, email is apparently not confidential unless encrypted, something your email to us will not be. Thus, our receipt of your email tells us that you are willing to waive any confidentiality provisions of the HIPAA act. Our physician responses to you should not be considered confidential either. While we have no intention of telling anyone about your email, you may wish to pursue any private matters confidentially by phone call, mail, or personal visit.
I have read, understood, and waive any HIPAA confidentiality provisions related to email.
HIPAA Confidentiality Provisions
The HIPAA Security Standard contains two subparts that relate directly to data integrity, data access, and mechanisms for handling data. The part most relevant to email is the rule requiring "securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them." The relevant HIPAA subparts include:
- 45 CFR Part 142, § 142.308 (c). “Technical security services to guard data integrity, confidentiality and availability.” These are processes that protect information and control individual access to information.
- 45 CFR Part 142, § 142.308 (d). “Technical security mechanisms.” These are controls that prevent unauthorized access to information that is transmitted across an internal network or across the public Internet.
