Description
Email is one of the most common ways PHI moves around inside and outside a healthcare organization, and it is also one of the most frequent sources of HIPAA breaches.
The HIPAA Email and PHI Transmission Policy Template establishes clear, enforceable rules for how your workforce handles protected health information in email and other electronic channels. It addresses the Transmission Security standard at 45 CFR 164.312(e) and fits into your broader information security program.
Unencrypted email containing PHI has resulted in significant OCR enforcement actions and settlements. A documented, workforce-acknowledged policy demonstrates that your organization has established appropriate controls and holds staff accountable for following them.
What This Template Covers
- Prohibited uses of unencrypted email for PHI transmission
- Encryption requirements and approved secure messaging tools
- Acceptable use of email for patient communications and consent documentation
- Internal versus external transmission requirements
- Mobile device and personal email account restrictions
- Workforce training and acknowledgment requirements
- Monitoring and violation response procedures
Who This Is For
Covered entities and business associates of any size whose workforce uses email to communicate about patients or health information. This is particularly useful for medical practices, behavioral health providers, dental offices, and health IT vendors.
Delivered as an editable Microsoft Word (.docx) file. Available immediately after purchase.
