Q

PHI in the subject line of e-mail

A question has been raised at my place of employment about subject lines of e-mails. Are we required to omit employee names as well as patient names from the subject lines of e-mails? There has been much speculation about this issue and I would like to have any confusion cleared up.

Given that names are considered protected health information (PHI), these could fall under the Security Rule requirements. You didn't mention whether or not employee names are considered PHI at your organization. If so, what I mention below will apply to both patient names and employee names. This issue would most likely fall under the "Transmission Security" standard in the final Security Rule which must be "addressed." What this basically means is that you'll have to perform a risk assessment to determine whether or not this PHI is at risk to any known information security threats or vulnerabilities.

If you're sending your e-mails in clear text you can bet it's at risk, both during transmission and once it arrives at its destination. So, given all of this, there is no rule that states you have to omit names from e-mails. However, you do need to make sure that any PHI (names, addresses, phone numbers, etc.) is not at risk when e-mailing it. If your risk assessment shows you need to protect e-mails, you'll need to either eliminate the PHI from the e-mails or somehow encrypt the e-mails so that the information is not interceptable or readable by a third party.


For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: Protecting in-house e-mail containing PHI
  • Ask the Expert: Encrypting e-mail and what is considered confidential under HIPAA
  • Featured Topic: HIPAA update


  • This was first published in March 2003

    Dig deeper on Email Security Guidelines, Encryption and Appliances

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close