Tollfree - +1-888-222-5917

New HIPAA Rules for Communicating with Patients by Unencrypted Email and Text Messages

Faculty :

Industry :

Duration :

Course Description:

         Email and text message are subject to the HIPAA Security Rule transmission standard. Changes in the Omnibus Rule in 2013 further clarified the importance of proper usage of email and text message, examples of electronic transmission media. Oftentimes used as a method to transmit PHI, electronic transmission media is an area that covered entities need to develop and implement policies and procedures to ensure HIPAA compliance. HHS states:

  • Covered entities have a "Duty to Warn" individuals of the risk of unencrypted transmission and that warning is a necessary step in protecting their PHI
  • Unencrypted email and text messages may be sent only if the individual consents to receive them after being warned
  • Documentation of consent is required

         Through real-world examples, Ross will delve into the ways to engage patients through email and text messages, teach you how to safeguard PHI throughout electronic transmission media, and set you on the path to HIPAA compliance.

Why should you Attend?

         Email and text message continue to grow with popularity amongst patients and amongst covered entities. And email and text message continue to be examples of a Breach! These methods of electronic communication are used to discuss treatment, to market and to engage the patient. And yet these methods of communication can be extremely unsafe. Interceptions, hackers, misdialed numbers can all result in stolen protected health information (PHI) and in HIPAA violations - all resulting in the loss of a patient’s privacy, maybe even identity theft and in loss of funds for the covered entity. Today health records are more valuable than credit card numbers or social security numbers on the black market. As a health care provider or covered entity, it is your responsibility to safeguard PHI. It was once understood that email and text message were deemed appropriate if the email or text message were received from the patient. Since the Omnibus Rule, this has changed.

         Covered entities are responsible for HIPAA requirements for all PHI in every email and text message. The email or text message address alone are PHI as defined by HIPAA - regardless of the content. HIPAA requires that every covered entity has a “duty to warn” and has the responsibility of acquiring consent and keeping proper documentation. And yet this is not being done in a compliant way. There is a HIPAA "safe harbor" or “get out of jail free” card that frees you from:

  • Responsibility for unauthorized access of a patient's PHI during transmission
  • Responsibility for safeguarding PHI delivered to the patient

        Don’t be the Provider or Business Associate that finds itself in serious trouble simply because you didn’t follow the HIPAA Rules for unencrypted electronic communication with patients!

Areas Covered:

  • Patient Attraction Tips: Protect Patients’ Privacy and PHI, Build the Relationship
  • Why is Email or Text so significant in HIPAA: Electronic Transmission Media
  • Protecting PHI and ePHI in the Electronic World: Omnibus Rule
  • TPCA & HIPAA: Misinterpretations and Misunderstandings
  • When and when not to Email or Text: Implement Policies and Procedures
  • Duty to Warn, Consent & Documentation: HIPAA Compliance
  • Real World Examples: Are you Compliant or has there been a Breach?

Who will benefit?

This webcast will be of a valuable assistance to the below audience.

  • HIPAA Compliance Official (HIPAA Officer)
  • Privacy Officer
  • Security Officer
  • Healthcare Counsel/Lawyer
  • Office Manager

Registration Options

Avail 12 months unlimited access for a single user.

Material shipped within 15 days post webinar completion & get life time access for unlimited participants.


HIPAA, Texting and Emailing, HIPAA in 2018, Hospitals, BYOD, PHI, HITECH, HIPAA Security Rule, Emailing of PHI, Texting of PHI

Speaker Details

Ross Leo

Ross Leo

HIPAA Privacy and Security Consultant

Ross Leo has been in Information Systems since 1977, and an Information Security professional for over 35 years. He has worked internationally as a Systems Analyst/Engineer and as a Security and Privacy Consultant. Ross received recommendations from Karl Rove and Tom Delay in 2003 to fill the position of White House Cybersecurity Advisor to the President, as successor to Howard Schmidt.

Refund Policy

Participants/Registrants for our live events, may cancel up to 72 hours prior to the start of the live session and ComplyArena will issue a letter of credit to be used towards any of ComplyArena's future events. The letter of credit will be valid for 12 months.

ComplyArena will process refund in cases where the event has been cancelled and is not rescheduled within 90 days from the original scheduled date of the webinar. In case if a live webinar is cancelled, participants/registrants may choose between recorded version of the course or a refund. Refunds will not be processed to participants who do not show up for the webinar. A webinar may be cancelled due to unavoidable circumstances, participants will be notified 24 hours before the scheduled start of the event. Contact us via email: or call +1-888-222-5917 (Toll Free).