HIPAA - Emailing Patient Information

Frequently Asked Questions

• Can you send patient information via email?

Yes, as long as the following three requirements are met:

1. The email is sent within UW Medicine (@u.washington.edu, @uwpn.org, @uwp.washington.edu) or to one of our affiliates (@fhcrc.org, @med.va.gov, @psbc.org, @seattlecca.org, @seattlechildrens.org);
2. The email transmission is secure; and
3. The email contains the minimum amount of patient information necessary to meet the recipient's needs.
• How do you configure your email to ensure the transmission is secure?

If you use WebPine or Secure CRT, they are automatically configured to meet the security requirements. If you use PC-Pine, MS Outlook Express, or Netscape Communicator/Messenger, you can verify the configuration with UW Technology (formerly Ccomputing & Communications).

• Is there a person available to assist with email program configuration in the event problems arise?

Yes, the personnel that support your workstation or the IT Services Help Desk can assist you.

• Can you email patient information to healthcare providers other than UW Medicine and its affiliates (e.g., Swedish or Madigan)?

No, you may not email patient information to anyone other than UW Medicine or its affiliates. Alternatives to email include fax or U.S. mail.

• Is there specific language that should be used in email sent directly to a patient?

Yes, the following language should be included under your signature on any email sent to a patient:

"The above email may contain patient identifiable or confidential information. Because email is not secure, please be aware of associated risks of email transmission. If you are a patient, communicating to a UW Medicine Provider via email implies your agreement to email communication; see http://www.uwmedicine.org/Global/Compliance/EmailRisk.htm.

The information is intended for the individual named above. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender by reply email, and then destroy all copies of the message and any attachments. See our Notice of Privacy Practices at www.uwmedicine.org."

• Can you automatically forward email received by your University account to other email accounts such as hotmail or yahoo?

No, UW Medicine staff and students may not automatically forward email received by their University account to a personal email account. This action is prohibited by the policies of the University since the transmission is not necessarily secure.

• What steps should be taken when an email containing patient information is sent to the wrong recipient?

If you are the sender, notify the HIPAA Staff in UW Medicine Compliance. If you are the recipient, immediately reply to the sender notifying them of the error, delete the email and notify the HIPAA Staff in UW Medicine Compliance.

Additional information may be found in the Information Security Email Standard SEC-03.02.