JUST THE FACTS: How to E-Mail PHI at the UF Health Science Center
- PHI may be communicated by e-mail between clinicians and patients only if the patient has signed an authorization.
- See Privacy website for HIPAA-specific Email Authorization form: http://privacy.health.ufl.edu//policies/hipaamanual/forms.shtml. Address all of the issues included on the Alert for E-Mail Correspondence tip-sheet with patients and/or personal representatives who want to communicate by e-mail, before the patient signs an Authorization.
- Clinically relevant e-mail messages must be printed in full, including any responses, and included in the patient's medical record.
- PHI may be communicated by e-mail between and among clinicians and support staff under the following conditions:
- E-mail containing PHI may only be sent from one ufl.edu address to another ufl.edu address. The sender of any e-mail containing PHI is responsible for ensuring that the recipient's address is within the ufl.edu e-mail system.
- PHI may be communicated by email only for the purposes of: Requesting Consultations, Making Referrals, Prescription Refills, and Billing Inquiries.
- The Minimum Necessary Rule applies to all e-mail correspondence that contains PHI. Extraneous comments, opinions, assumptions, and speculations should be excluded from all e-mail correspondence.
- No distribution list may be used for e-mail that contains PHI.
- E-mail containing PHI may not be manually forwarded or auto-forwarded to any non-ufl.edu account, including but not limited to, personal and commercial e-mail accounts such as AOL, Yahoo, MSN, etc.
- When replying to e-mail containing PHI from senders outside the ufl.edu system, the response may not contain the original message or any other PHI.
- Access to ufl.edu e-mail accounts through the Internet must be by secure (SSL) connections.
- Limit computer storage for emails containing PHI to three days or less. Move confidential or sensitive information to the server that incorporates additional access protections, or print and appropriately store hard copies of the information.
- Include the following confidentiality statement in all e-mails that are sent from the University of Florida:
NOTE: This communication may contain information that is legally protected from unauthorized disclosure. If you are not the intended recipient, please note that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, you should notify the sender immediately by telephone or by return email and delete this message from your computer.
