New HIPAA Rules: Should You be Using Email With Your Doctors?
Written by Jeff Noles, posted September 17, 2013 • Blog, Business Advice
One of the biggest challenges in running a dental lab is communicating with your doctors. Frustratingly, it’s not an issue that can always be solved by working harder—especially when your clients aren’t returning phone calls. Many labs attempt to bridge the communication gap with email, but this can be risky for two reasons, one related to HIPAA and the other to getting cases done on time. This blog post discusses both of these risks. After providing some hopefully useful information, we’re putting in a plug for SoundTrack software at the end of the article.
The new HIPAA rules coming into effect on September 23rd, called the “final omnibus rule,” increase fines for HIPAA violations and introduce new requirements for reporting data breaches (see the Health and Human Services news release here). Realistically speaking, this doesn’t have a big impact on dental labs since the amount and volume of private patient information is limited, and to date we’ve never heard of a dental lab getting in trouble for data breaches. Nevertheless, labs do have an obligation to protect patient data, and the omnibus rules include another new requirement for “covered entities” (dental offices) and “business associates” (dental labs): dental offices should have all dental labs sign Business Associate Agreements obligating labs to protect patient information. (Find more information on this new HIPAA requirement for dental labs here.)
Maintaining confidential records is the core of the HIPAA requirement. In the case of online information such as email, this means full encryption of patient health information. Unfortunately, encrypting email during both sending and storage is extremely difficult—it requires specialized encryption software on both the sender’s and the receiver’s end, which only the hardest-core geeks would even know how to use (at SoundTrack software we know a few of ‘em). If this rule were enforced vigorously, Gmail, Hotmail, Yahoo, etc. wouldn’t pass muster with HIPAA because they’re vulnerable to data theft—for example, the NSA, while not actually able to break encryption algorithms, has found ways to snatch information from emails in those moments when data is vulnerable. It should also be noted that text messaging suffers from the same security gaps. The only complete solution is to use closed messaging systems that are both password protected and encrypted. In the absence of such a messaging system, it’s best to be discreet and cautious when using email with your doctors.
But even discretion and caution won’t help when a doctor isn’t answering email. In fact, using email to communicate with doctors can be exasperating. Emails can be a huge information bottleneck—something akin to putting a message for your doctor in a bottle and tossing it into the nearest river. For example, it’s difficult to track who hasn’t answered emails, or when to follow up on unanswered emails. Many labs create client folders to store client-specific emails, but there’s no way to connect these emails to specific cases, so finding the right email can take valuable working minutes. If only one person in a large doctor’s office reads the email and forgets to tell the right person, it’s almost as if the email has disappeared into thin air. Finally, it’s very hard to respond to a doctor’s office that claims they never received your email—especially if they don’t agree to “return receipt” popups.
Finally, we arrive at the SoundTrack software plug: if you’re concerned about HIPAA compliance or you’ve run into any of the email issues mentioned above at your dental lab, SoundTrack’s encrypted, secure messaging is the answer—please click here for more information.