View Single Post
Old 6 May 2019, 08:14 AM   #2
Join Date: Feb 2004
Posts: 81

Representative of:
Yes. This is absolutely true and is referred to as "Mutual Consent". As you note, there are some strict guidelines around when you can send ePHI over unsecured channels (like email or SMS):

* You have to properly communicate the risks to the patient.
* There needs to be a secure alternative that the patient can choose (i.e., because it is not expensive or difficult to provide a secure alternative, there is arguable a very strong requirement to do so).
* The patient needs to agree in writing that she/he accepts the risk and that unsecured communication is Ok
* You need to record (the above) so that you have it on hand in case of an audit or breach.

For more details, see:
kangas is offline   Reply With Quote