Got direct messaging through your EHR? Don’t think you need secure email? Think again. Secure email has benefits you may not have considered.
At first glance, messages in an electronic health records (EHR) system and secure email seem to do the same things. They both allow direct online communication between healthcare practitioners and clients. They also offer added security measures to keep conversations confidential.
But these tools are not exactly alike. There are important differences that, if missed, could impact your practice’s efficiency and security.
Although email is private, it isn’t always secure. Popular services like Gmail or Outlook typically only provide basic protection. Secure email goes above and beyond with additional defenses.
Secure email safeguards messages while on the move and when in storage. The best services protect both the sender and receiver’s messages.
For example, with Hushmail for Healthcare, emails are kept on a secure webpage, a kind of online vault.
But just because it’s secure doesn’t mean it’s difficult to use.
Secure email has the same features as regular email. It supports attachments and automated communications like out-of-office replies. It also has “CC”, “BCC” and “Subject” fields, and room to write as much text as you like.
Although EHR systems primarily store client information, many also offer messaging services. These allow practitioners to communicate directly with clients or team members.
Like secure emails, most EHR systems store communications in a locked online space. Messages are safeguarded for both the sender and receiver.
However, in most cases, EHR messages look more like texts than emails. As a result, communications are usually brief and to the point.
Despite the similarities, it’s important to remember that EHR messages and secure email are not the same tools. Although they both help healthcare practitioners communicate online, they function differently.
In your personal life, you may use text to communicate with friends and family, but you likely still use email on a daily basis as well. This is because they meet different needs. Texting is great when you have something brief to say quickly. Email is better for sending less urgent, longer, and more detailed messages.
But the format isn’t the only difference between EHR messaging and secure email. The audiences and included features are also distinct.
| EHR messaging | Secure email | |
| Highly protected communications | ✅ Yes | ✅ Yes |
| Communicate with clients | ✅ Yes | ✅ Yes |
| Communicate with potential clients | ❌ No | ✅ Yes |
| Communicate with insurance providers or other third parties | 🟡 Sometimes | ✅ Yes |
| Send attachments | 🟡 Sometimes | ✅ Yes |
| Automated responses | 🟡 Sometimes | ✅ Yes |
| Include “CC,” “BCC,” and “Subject” fields | ❌ No | ✅ Yes |
While most EHR systems restrict communication to clients and team members, secure email allows you to send messages to any email address.
Consider all the individuals outside your EHR with whom you frequently exchange sensitive information:
Steph Milne, Hushmail Sales Manager, described EHR communication as a closed system. “A closed system means you cannot communicate with other practices or associates like lawyers, insurance, or billing companies,” she said.
Potential clients are another group that cannot be reached using EHR messaging. But reaching out to them is no problem with secure email.
Clinical sexologist Dr. Josh Littleton often emails prospective clients to learn more about their desire for therapy and insurance coverage. Secure email helps make the process quick and easy while safeguarding this sensitive information.
Using only an EHR to send secure messages online limits your options. Without secure email, you are left with phone, fax, mail, or email that isn’t secure. Using these methods of communication may increase your administrative burden and the likelihood of a security breach.
Secure email supports HIPAA compliance
Even though EHR messages are usually HIPAA-compliant, skipping secure email could put your practice at risk of a HIPAA violation.
The HIPAA security rule states that practice owners must assess the risks of using electronic tools to store and communicate protected health information (PHI). Once aware of the risks, practice owners are expected to take steps to reduce them.
Since most regular email providers only offer a basic level of security, sharing PHI on those platforms could be considered a HIPAA violation.
Even seemingly innocuous details like someone’s name, phone number, or general state of health are considered to be PHI. If you are sending or receiving this information by email, you should take steps to keep it secure.
Opting for secure email through a HIPAA-compliant provider could help demonstrate your observance of HIPAA regulations in the event of an audit. Using secure email could also aid in reducing the risk of PHI being leaked or stolen and the increased oversight or fines that could follow.
Using secure email isn’t only important from a regulatory standpoint. It can also help boost client trust in you and your services. When you email potential clients on a secure platform, it sends a clear message that you take their privacy seriously.
Another essential difference between secure email and messaging through an EHR is the ability to attach documents. Most EHR messages don’t have this capability, but secure email does.
“Secure email allows more options for sending content including documents, records, and pictures,” explained Milne.
Of course, you can share documents with others in your EHR space. But if you want to send files to anyone outside the system, you must find another way. This means risking regular email, faxing documents, or mailing them. None of these options are ideal. As discussed, using regular email could be considered a HIPAA violation. Faxing can be error-prone, and mail takes days.
Secure email doesn’t just save time; it helps you spend it wisely. It can also help clients understand you and your schedule better.
Since most EHR messages look and feel similar to texts, clients may expect rapid responses.
According to Milne, “Clients could be sending quick messages at all times of the day, waiting for a reply, and not realizing the professional is not online. This blurs the boundaries and could create bad rapport.”
This added pressure can increase stress. You may feel the need to check your EHR whenever you have a spare moment to ensure you aren’t missing anything.
Time management can become a problem as a result. You may find yourself responding to messages during hours earmarked for other tasks or late into the evening. The lines between work and personal time may get fuzzy.
In contrast, secure email requires less urgency. People don’t usually expect emails to be answered right away, so they are more understanding when one goes unanswered for a couple of days.
Secure email also has features to help you manage client expectations and set boundaries around your time. The automated response feature informs others when to anticipate a response from you. Whether you use it to tell clients that you only check emails on Monday, or that you’ll be away on vacation, managing expectations this way puts you in charge of your time. It can also help to improve relationships with your clients and anyone else you correspond with.
Whether or not you have an EHR, secure email is an essential component of running a healthcare business. It can save you time and hassle while helping you maintain an ethical and HIPAA-compliant practice.
Interested in secure email? Find out more.
Everything you need to know about HIPAA-compliant email and how to choose a secure email service for your therapy practice.
Our message center is the communication hub between you and your clients. There they can send and receive secure email and web forms from you, and...
You can control how you manage your Hushmail email. Here are some tips that will help you customize your secure email experience.