yehster wrote on Tuesday, April 09, 2013:
http://bluebuttonplus.org/privacy.html --> 4. If an individual requests that a provider transmit their Blue Button health information via unencrypted e-mail, may the provider do so?

In e-mailing PHI to individuals, covered entities (including health care providers) are required to comply with the HIPAA Security Rule, which, among other requirements, requires implementation of technical security measures to guard against unauthorized access to e-PHI that is being transmitted over an electronic communications network. See 45 CFR 164.312(e). The Security Rule requires encryption when transmitting e-PHI where it is reasonable and appropriate to encrypt the information, and in general, encryption is a reasonable and appropriate measure to safeguard the e-PHI in e-mail transmissions. However, there may be instances where an individual may not want to receive his or her e-PHI encrypted. In these cases, covered entities are permitted to send e-PHI to individuals through unencrypted e-mails if they have advised