A new guideline issued by the Office for Civil Rights clarifies that the Health Insurance Portability and Accountability Act is not violated when a patient requests their dentist to use an unsecure email to send their records to them.
However, the practice must provide a warning of the risks associated with using an unsecured email.
This guidance confirms if the protected health information is compromised by using an unsecured email, then the dentist is not required to report the breach to the patient or the federal government since the patient requested the email use and agreed to the risks.
The OCR issued the new guidance stressing importance of providing patients access to their health information.