FaxInbox is HIPAA compliant

Does the HIPAA Privacy Rule permit a doctor, laboratory, or other health care
provider to share patient health information for treatment purposes by fax, e-mail,
or over the phone?

Updated 1-5-2016

Answer: Yes.

The Privacy Rule allows covered health care providers to share protected health information
for treatment purposes without patient authorization, as long as they use reasonable safeguards
when doing so. These treatment communications may occur orally or in writing, by phone, fax,
e-mail, or otherwise. For example:

  • A laboratory may fax, or communicate over the phone, a patient’s medical test results to a physician.
  • A physician may mail or fax a copy of a patient’s medical record to a specialist who intends to treat the patient.
  • A hospital may fax a patient’s health care instructions to a nursing home to which the patient is to be transferred.
  • A doctor may discuss a patient’s condition over the phone with an emergency room physician who is providing the patient with emergency care.
  • A doctor may orally discuss a patient’s treatment regimen with a nurse who will be involved in the patient’s care.
  • A physician may consult with another physician by e-mail about a patient’s condition.
  • A hospital may share an organ donor’s medical information with another hospital treating the organ recipient.

The Privacy Rule requires that
covered health care providers apply reasonable safeguards when making these communications to protect
the information from inappropriate use or disclosure. These safeguards may vary depending on the mode
of communication used. For example, when faxing protected health information to a telephone number that
is not regularly used, a reasonable safeguard may involve a provider first confirming the fax number
with the intended recipient. Similarly, a covered entity may pre-program frequently used numbers directly
into the fax machine to avoid misdirecting the information. When discussing patient health information
orally with another provider in proximity of others, a doctor may be able to reasonably safeguard the
information by lowering his or her voice.

Taken from the US health and human services web site.


http://www.hhs.gov/hipaa/for-professionals/faq/570/does-hipaa-permit-health-care-providers-to-use-email-to-discuss-health-issues-with-patients/