> On Feb 18, 2025, at 4:38 PM, McDonald, Stephen <[log in to unmask]> wrote:
> No, they can't because it would violate the law.
> 
>                    Steve McDonald
>                    [log in to unmask]

It's possible that there are state laws that are more restrictive, but HIPPA doesn't totally preclude using email:

 https://www.hhs.gov/hipaa/for-professionals/faq/570/does-hipaa-permit-health-care-providers-to-use-email-to-discuss-health-issues-with-patients/index.html

I've been going through long covid for about 5 years now, so have filled out the 'new patient' paperwork about a dozen times or so fairly recently.  About half of them had a form asking what communications methods they should use (email, text messages, phone calls), and what categories of information they're allowed to send (or leave in voicemail).

I personally hate some of these automated text reminders for doctor's appointments where they don't give any information... Just  date and time, or maybe with a phone number, too ... So then you have to figure out which doctor triggered this message:

"You have an appointment 02/20/2025 at 02:00 PM EST. If you have any questions please call us at (240) ###-####
Text STOP to Opt Out"

(and the phone number that sent the text message is listed as being in Tucson, AZ, not the local area... but I don't want to mark it as being a specific doctor as it might be a service that other doctors could use, too)

I even had one that was sending me emails and text messages, and it wasn't until less than a week away they finally gave me a contact that wasn't a generic 'university of maryland medical system', and after finally getting a human, was told they had a problem with a new receptionist scheduling patients for appointments without actually calling them.  (and it was a referral, so I was a new patient)

-Joe

(ski patrol, so has to deal with HIPPA, sorta (volunteer so it technically doesn't apply to me, but I try to follow it))
(I can tell people about the injuries I've seen, and I can say who I've seen, but I can't say who had what injuries)



> -----Original Message-----
> From: Code for Libraries <[log in to unmask]> On Behalf Of charles meyer
> Sent: Monday, February 17, 2025 1:32 PM
> To: [log in to unmask]
> Subject: [External] Re: [CODE4LIB] Patient portals
> 
> My esteemed listmates,
> 
> It's my understanding that e-mail and text aren't encrypted, so definitely not HIPPA compliant.
> 
> But, couldn't doctor's offices/hospitals have you sign a form saying that you acknowledge the risk of using unencrypted communications and what information they're allowed to send in what channels
> 
> Better you use an email to confirm the date and time of an appointment than using a PW generator where it could be hacked and now the miscreants can access your patient portal and gather all your health care records.
> 
> We know the patient portals aren't the only way in for miscreants but is it one of the easier way to get healthcare info?
> 
> It's easier than dumpster diving.
> 
> Police detectives and the FBU have shared that most criminals are lazy (and or dumb) so that's why they're criminals. It takes talent and the right temperament to write code so many miscreants could never use their "powers for good and not evil" as they have no special talents.
> 
> Does it take much talent to gain access to a patient's portal records?
> 
> An experienced detective explained to me that many of those using Ransomware never created that software but found it "on the dark web" (chat
> rooms) where they are given step-by-step instructions of how to use the Ransomware created by others.
> 
> We have some patrons who have been really circumspect re: sharing their email addresses and/or phone #s with us just for a library card.
> 
> Others don't want to share their driver's license numbers.
> 
> We're all trying to assess and manage risk but how much do we really know and understand about our or others' vulnerabilities?
> 
> Thanks,
> 
> Charles.
> 
> Charlotte County Public Library
> 
> Caution: This message originated from outside of the Tufts University organization. Please exercise caution when clicking links or opening attachments. When in doubt, email the TTS Service Desk at [log in to unmask]<mailto:[log in to unmask]> or call them directly at 617-627-3376.