Can I send PHI in an unencrypted communication to someone other than the individual, such as a healthcare provider?

Probably not. The transmission security standards in the HIPAA Security Rule still apply, and it will rarely be reasonable or appropriate to send PHI over unencrypted channels when safer options exist, such as in-app messaging. HHS has been clear that sending an individual their own PHI is one of the rare exceptions. Again, consult an attorney if you have specific legal questions.


Did this page help you?