I'm writing to spread awareness that HIPAA-regulated entities ARE allowed to send PHI via regular mail:
https://www.hhs.gov/hipaa/for-profes...x.html states:
"...the Privacy Rule does not prohibit the use of unencrypted e-mail ... Note that an individual has the right under the Privacy Rule to request and have a covered health care provider communicate with him or her by alternative means or at alternative locations, if reasonable. See 45 C.F.R. § 164.522(b)."
So regular email is generally appropriate if a patient requests it or if, because of safeguards that have been applied, such as the ones that this thread shows have been applied, normal email between identified parties is encrypted already.
Some of those HIPAA-compliant systems are much worse than others, so this can be valuable info.
(This is a repost from my last post to this fastmail thread I started:
http://www.emaildiscussions.com/show...044#post610044)
It's worth reading the whole FAQ entry I linked to.