The following article, written by Jon Neidiz, a partner in Nelson Mullins Riley & Scarborough’s Atlanta office and co-leader of the Firm’s Information Management Practice, is a useful short summary for those considering HIPAA privacy issues in the context of email – and RPost’s email encryption service. Key to using email encryption for compliance with regulations is ensuring that the sender organization has an auditable proof record of compliance – the focus of RPost’s email encryption service that is accomplished by return Registered Receipt email to the sender’s organization. Neiditz’s article follows:
An Attempt to Clarify the Use of Electronic Signatures and Electronic Delivery for HIPAA-Required Patient and Beneficiary Authorizations, Notices and Acknowledgments
By Jon Neiditz
My friends in the e-commerce world tell me that they continually run into representatives of HIPAA-covered organizations – usually providers – who maintain that HIPAA simply does not permit them to get electronic agreements to HIPAA authorizations or electronic acknowledgements of HIPAA privacy notices. I am happy to state emphatically that their belief is both false and ironic, which distinguishes it from many of the unintended consequences of HIPAA, that are instead true and ironic. HIPAA’s ironically titled “Administrative Simplification” provisions were intended to enable some electronic transactions between providers and health plans. However, by requiring some standard transactions that many providers had trouble implementing, a true and ironic consequence of HIPAA’s attempt to encourage electronic transactions was to force those providers into using paper for those same transactions.