- The “Subject” line of an e-mail must never contain HIPAA/PHI information. (e.g. name, SS number, diagnosis, PMHCC or other provider file numbers, etc.; use initials or some other non-confidential wording). E-mail Subject lines cannot be encrypted; therefore sending an e-mail with HIPAA/PHI wording in the Subject line is strictly prohibited. Should an employee attempt to send an e-mail with HIPAA/PHI wording in the Subject line, PMHCC’s technology will not send the entire e-mail message to the recipient and the employee will be notified by the system of the violation.
- All e-mails sent between PMHCC Employees with an @PMHCC.org e-mail address are always sent encrypted regardless of the contents of the e-mail. Employees do not need to do anything special to send HIPAA/PHI information to PMHCC Employees with an @PMHCC.org e-mail address.
- All e-mails sent to @Phila.gov and @Courts.Phila.gov e-mail addresses are always sent encrypted regardless of the contents of the e-mail. Employees do not need to do anything special to send HIPAA/PHI information to @Phila.gov or @Courts.Phila.gov e-mail addresses.
- If an employee is sending an e-mail containing HIPAA/PHI information to an e-mail address other than @PMHCC.org, @Phila.gov, or @Courts.Phila.gov, the employee must include the keyword ‘secure’ in the subject line of the e-mail. The word secure can be in any form (e.g. secure, Secure, SECURE). Here are a few example subject lines:
Secure – here is the information you requested (or)
Here is the information you requested – secure (or)
SECURE – participant information
PMHCC EMPLOYEES - PLEASE REFER TO PMHCC POLICY 1118 - TRANSMITTING HIPAA RELATED INFORMATION USING E-MAIL