Email Security

RISKS OF USING EMAIL

Coastal Pacific Dermatology Inc. offers patients the opportunity to communicate by email. However, before patients elect to communicate with Coastal Pacific Dermatology Inc via email, patients should consider the risks involved in transmitting patient information by email. These risks include, but are not limited to, the following:

  • Email can be circulated, forwarded, and stored in numerous paper and electronic files. Email can be immediately broadcast worldwide and be received by many intended and unintended recipients.

  • Email senders can easily misaddress an email.

  • Email is easier to falsify than handwritten or signed documents.

  • Backup copies of email may exist even after the sender or recipient has deleted his or her copy.

  • Employers and on-line services have a right to archive and inspect emails transmitted through their systems.

  • Email can be intercepted, altered, forwarded, or used without authorization or detection.

  • Email can be used to introduce viruses into computer systems.

  • Email can be used as evidence in court.

COASTAL PACIFIC DERMATOLOGY SECURITY MEASURES

  1. Paubox encryption: HIPAA compliant and HITRUST CSF certified email

  2. Google Workspace: HIPAA compliant platform with Business Associates Agreement

CONDITIONS FOR THE USE OF EMAIL

Coastal Pacific Dermatology (CPD) will use reasonable means to protect the security and confidentiality of email information sent and received. However, because of the risks outlined above, we cannot guarantee the security and confidentiality of email communication, and will not be liable for improper disclosure of confidential information that is not caused by our intentional misconduct. Thus, patients must consent to the use of email for patient information, including agreement with the following conditions:

  1. CPD may forward emails internally to CPD staff and agents as necessary for diagnosis, treatment, reimbursement, and other handling. CPD will not, however, forward emails to independent third parties without the patient’s prior written consent, except as authorized or required by law.

  2. The patient is responsible for informing CPD of any types of information the patient does not want to be sent by email.

  3. The patient is responsible for protecting his/her password or other means of access to email. CPD is not liable for breaches of confidentiality caused by the patient or any third party.

  4. CPD shall not engage in email communication that is unlawful, such as unlawfully practicing medicine across state lines.

  5. It is the patient’s responsibility to follow up and/or schedule an appointment if warranted.

INSTRUCTIONS

To communicate by email, the patient shall:

  1. Limit or avoid use of his/her employer’s computer or any publicly accessible computer.

  2. Immediately inform CPD of changes to his/her email address.

  3. Take precautions to preserve the confidentiality of emails, such as using screen savers and safeguarding his/her computer password.