HIPAA’s Role in E-Mail Communications between Doctors and Patients: Privacy, Security, and Implications of the Bill

Publication Title

The Health Educator

The confidentiality of a patient’s information has been held sacred since the days of Hippocrates, the Father of Medicine. Today, however, merely taking an oath to respect a patient’s privacy has been overshadowed by regulations governing how certain healthcare establishments handle an individual’s health information on the Web. Consequently, if a healthcare organization employs electronic mail as a means of communicating medical and/or health data to consumers, providers, and other appropriate parties, it must ensure that such information is safeguarded, since using the Web raises concerns about the privacy and security of an individual’s information. E-mail between patients and physicians (or other healthcare providers) must be secured under the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA); when a transfer of protected health information (PHI) occurs, even in a private exchange, the communication falls under HIPAA’s guidelines. In today’s electronic age, it is increasingly likely that protected health information will be subject to fraud. HIPAA addresses the privacy and security of healthcare information in its Privacy and Security Rules, which enforce standards applied to PHI. This paper focuses on HIPAA’s role in e-mail communications in health settings, particularly as it relates to the privacy of the information exchanged between doctor and patient.