One of the unique challenges for custodians using email to communicate with their patients — particularly when they cannot see or hear the patient — is to ensure the exchange is with the correct person. Custodians should verify the recipient’s identity and correctly address emails or messages to avoid misdirection. One approach is to send a test message in advance and ask for confirmation to ensure the message reaches the intended recipient.
Further safeguards to use when communicating personal health information by email include:
• providing a notice in an email that the information received is confidential
• providing instructions to follow if an email is received in error
• communicating by email from professional rather than personal accounts because personal accounts may have weaker security levels and may be more susceptible to compromise
• confirming an email address is up to date
• ensuring that the recipient’s email address corresponds to the intended address
• regularly checking pre-programmed email addresses to ensure that they are still correct
• restricting access to the email system and to email content on a need-to-know basis
• informing patients of any email address changes
• acknowledging receipt of emails
• minimizing the disclosure of personal health information in subject lines and message contents to the greatest extent possible
• ensuring strong access controls to email accounts used by custodians
• recommending that patients use a password-protected email address that only they can access
Custodians should also ensure compliance with the safeguards specified in any other policies and procedures, including those related to using personal devices in the workplace.
Patients should be registered through a secure messaging solution that authenticates their identity before accessing their messages.
Custodians should use encryption for emails to and from patients that contain personal health information. This includes by encrypting or password-protecting document attachments and sharing passwords separately through a different channel or message. If the use of encryption is not feasible, custodians must determine if the use of unencrypted email is reasonable in the circumstances after considering all relevant factors, including the sensitivity of the information, the purpose of the transmission, and the urgency of the situation (please see IPC’s Fact Sheet: Communicating Personal Health Information by Email). Custodians are also expected to use encryption when emailing personal health information to other custodians.
Custodians’ employees, other agents, and patients should be reminded of the risks associated with phishing to avoid falling prey to malware, spyware, or other forms of social engineering. Phishing is an online attack in which an attacker — using both technological and psychological tactics — sends a message designed to trick the recipient into revealing confidential information or downloading malware. Phishing attacks often imitate legitimate sources and work by exploiting people’s trust, curiosity, fear, and desire to be helpful and efficient. Recipients should be cautious when faced with messages that are unexpected or contain suspicious attachments or links.
Custodians should store personal health information on email servers only for as long as is necessary to serve the intended purpose. For example, if email communication is documented in the patient’s record, it may not be necessary to retain duplicate copies of the information on an email server. Likewise, custodians should ensure that all copies of emails containing personal health information on portable devices are securely deleted when they are no longer needed and are documented in the patient’s record.
For best practices, please see the IPC’s fact sheets Communicating Personal Health Information by Email and Protect against Phishing.
Special considerations for videoconferencing
When using videoconferencing platforms to deliver care, custodians should take additional steps to prepare the patient for their virtual visit. For example, the custodian could ask about captioning or screen reader requirements to address accessibility concerns and review the steps the patient can take to protect their privacy.
As a best practice, both the custodian and the patient should join the videoconference from a private location using a secure internet connection. This includes using a closed, soundproof room or an
otherwise quiet and private place and having window coverings where and as appropriate. Use headphones rather than the speaker on the device to prevent being overheard by others, and be mindful of where screens are positioned.
Once logged into the videoconference, the custodian should check the meeting settings to ensure the meeting is secure from unauthorized participants. If the software or application can record the meeting, this feature should only be used when it is necessary and the patient provides express consent.
At the start of an initial visit, the custodian should verify the identity of the patient. In the event of a new patient encounter, the custodian should compare the patient’s image with a photo on file or ask the patient to hold up their health card to the camera for confirmation.
The custodian should introduce themselves and any others who are present on the custodian side of the interaction and ensure the patient consents to the presence of any additional individuals. The custodian should also inquire if anyone is accompanying the patient and confirm the consent of the patient.
When videoconferencing, custodians must use sufficiently high-quality sound and resolution to ensure they are able to collect information (including verbal and non-verbal cues) that is as accurate and complete as is necessary for the purpose of providing health care.
Taken directly from the IPC’s Privacy and Security Considerations for Virtual Health Care Visits