Can X-Rays Be E-Mailed Under HIPAA?

HIPAA Privacy

• The Health Insurance Portability and Accountability Act (HIPAA) provides federal protection for patients' personal health information. (see Reference 1) HIPAA's Privacy Rule establishes patient rights concerning the handling of health information, regardless of its form (electronic, written, or oral). The Security Rule requires health care entities to properly protect electronic health information. (see Reference 2)

X-Rays Protected

• X-rays and other types of radiological images are considered protected health information (PHI). By definition, PHI is health-related information that can identify a person either directly or indirectly. Personal identifiers include name, address, Social Security number, date of birth, and medical record number. (see Reference 3)

E-mailing X-rays

• Health care providers can e-mail X-rays to others authorized to receive them but only under secure conditions which ensure a patient's identity will not be disclosed to unauthorized persons. Transmitting information on a secure network or using encryption can help safeguard the information. (see Reference 3) Including an e-mail disclaimer at the end of the e-mail with a confidentiality notice is also important. (see Reference 4) The disclaimer should warn unauthorized recipients not to use the images or other information contained in the e-mail and provide contact information so the sender can be notified of the error. (see Reference 5)