If you are a physician or a health care provider, you must comply with HIPAA rules and send your patients' medical records in a secure way. Secure methods include secure email, a web form, or direct mail. The recipient must have authorization to receive the records. The covered entity must not charge you for the copy and must use the View, Download, and Transmit functionality (CEHRT).
Email is a common way of sending medical records. However, it may not meet HIPAA's security standards. If you are not sure how to send the documents in a secure way, read our guidelines for sending PHI through email. You can also consider sending the documents through letter packages.
Upon receiving these records, the recipient must comply with the rules set forth in HIPAA. The HIPAA privacy rules apply to "protected health information" (PHI) in any form. This information includes names, addresses, Social Security numbers, identifiers, phone numbers, email addresses, and other demographic information. It may also contain test results or billing information.
HIPAA requires covered entities to provide access to PHI in a secure format when requested by an individual. It does not preclude state laws that give patients access to their PHI in a different format. However, if a state law requires a shorter time period, covered entities must comply with it.