e-mail Print Share

Report outlines best method to send secure health information digitally

February 02, 2016

By Michelle Manchir

Have you ever needed to send by email clinical findings to an endodontist for a patient experiencing acute pain?

What about using email to get a patient’s digital information to his or her new dentist after they move to a new city?

What if you need to send radiographic images through email for a patient to facilitate a post-mortem identification?

All of these scenarios should be completed securely to avoid fines from the U.S. Department of Health and Human Services and the Office of Civil Rights. The Health Insurance Portability and Accountability Act, commonly known as HIPAA, which protects patients’ privacy, imposes hefty fines — up to $1.5 million — for breaches of patient information.

To set the standard for dentists to securely exchange sensitive health information over the Internet, the American Dental Association’s Standards Committee on Dental Informatics developed a technical report published in January to walk dentists and their offices through the guidelines for the secure transmission of protected health information.

Technical Report No. 1085, Implementation Guidelines for the Secure Transmission of Protected Health Information in Dentistry, is available at no cost for member dentists in the ADA Catalog.

The report outlines the recommended best practice or the direct messaging protocol, in which the sender and receiver use direct addresses issued by a certificate authority intended for use in health care only. That means dentists wouldn’t use their personal Yahoo or Gmail email addresses for sending this information.

Photo of Dr. Stephen Glenn
Dr. Stephen Glenn

According to the technical report, “the Direct Secure Messaging Protocol provides for point-to-point data encryption, sender and receiver validation by a third trusted party, compliance with HIPAA, the Health Information Technology for Economic and Clinical Health Act and the final Omnibus Rule. The protocol is based on open standards and is nonproprietary. The most important thing to know about direct secure messaging is that it is just like email, but with an added layer of security and trust-in-identity operating behind the scenes.”

To implement this kind of secure messaging, the dental informatics subcommittee recommends dentists use a third party known as a health information service provider, or HISP.

“It’s a really high standard as far as security is concerned, and it comes at a reasonable cost,” said Dr. Stephen Glenn, vice chair of the Standards Committee on Informatics, which developed the report

For more information about HIPAA training and compliance, the ADA offers the ADA Complete HIPAA Compliance Kit. Members can order the kit for $300 by calling 1-800-947-4746 or visiting ADAcatalog.org and searching for product J598. A 20 percent discount is offered on all ADA Catalog HIPAA and OSHA products when promo code 16108 is used before March 31.

ADA Business Resources endorses PBHS Inc. as a Health Insurance Portability and Accountability Act-secure email and collaboration system provider for Association members. PBHS Secure Mail can help member dentists, specialists, staff and patients easily communicate within a HIPAA-compliant environment. ADA members can choose this HIPAA-compliant email solution that starts at $10 per month or purchase an upgraded package that uses the even higher standards of direct messaging. For more information, contact PBHS at 1-855-WEB-4ADA or visit pbhs.com/securemail.