Ask the Expert

PHI in the subject line of e-mail

A question has been raised at my place of employment about subject lines of e-mails. Are we required to omit employee names as well as patient names from the subject lines of e-mails? There has been much speculation about this issue and I would like to have any confusion cleared up.

    Requires Free Membership to View

Given that names are considered protected health information (PHI), these could fall under the Security Rule requirements. You didn't mention whether or not employee names are considered PHI at your organization. If so, what I mention below will apply to both patient names and employee names. This issue would most likely fall under the "Transmission Security" standard in the final Security Rule which must be "addressed." What this basically means is that you'll have to perform a risk assessment to determine whether or not this PHI is at risk to any known information security threats or vulnerabilities.

If you're sending your e-mails in clear text you can bet it's at risk, both during transmission and once it arrives at its destination. So, given all of this, there is no rule that states you have to omit names from e-mails. However, you do need to make sure that any PHI (names, addresses, phone numbers, etc.) is not at risk when e-mailing it. If your risk assessment shows you need to protect e-mails, you'll need to either eliminate the PHI from the e-mails or somehow encrypt the e-mails so that the information is not interceptable or readable by a third party.


For more information on this topic, visit these other SearchSecurity.com resources:
  • Ask the Expert: Protecting in-house e-mail containing PHI
  • Ask the Expert: Encrypting e-mail and what is considered confidential under HIPAA
  • Featured Topic: HIPAA update


    This was first published in March 2003

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: