Is regular email a secure messaging tool?

October 1, 2019

recent breach has brought the risks of emailing (e.g., Gmail, Hotmail, Shaw, etc.) personal health information to the forefront. What appears to be a secure and convenient tool has many potential risks that can result in the exposure of personal health information and along with that, liability issues for physicians.

Know the risks

Efficient communication is critical to coordinate care between health care providers and patients. Emailing and texting are appealing for a number of reasons, including their widespread use, instantaneous nature, and ability to exchange messages with others regardless of email or text platform.

While appropriate for everyday use where the exchange of information is at a level where a breach would not involve the exposure of personal information, emailing and texting, similar to faxing, are not considered secure messaging tools and carry a moderate risk of a data breach occurring.

As the custodians of patients’ personal health information, physicians are obligated by legislation and standards of practice to not only protect the data but also ensure that any exchange or sharing of data is performed with the utmost security in mind.

There are a number of security concerns and risks that are inherent to email that can lead to exposure of patient data, such as:

  • Emails and texts sent to the wrong address.
  • Ability to alter messages before forwarding to another recipient.
  • Relative ease for hackers to intercept emails and expose content.
  • Storage of texts on mobile devices.

Mitigate the risks

When using electronic communication, share only the minimum required amount of personal data to allow quality care and avoid mixing personal and clinical electronic platforms. Users should know the inherent risks and if possible use secure messaging solutions which are becoming more widely available and have proven successful in addressing these concerns and minimizing risks with:

  • Authenticated and registered users so there is no need to rely on email addresses.
  • Encrypted and tracked messages
  • Robust audit capabilities
  • Secure, off-site data storage

There are several viable secure messaging solutions available to physicians in Alberta. We suggest speaking with your peers on the solutions in place in their practices; the April 2016 AMA Billing Corner (page 10 – 11) provides some guidance on choosing a solution.

In order to help our members make informed decisions about secure messaging solutions, the Alberta Medical Association is considering compiling a list of unendorsed secure messaging options for members.

The challenge with these solutions is that they do not work together; in order to communicate with others, including patients, you must be using the same solution. This challenge has discouraged the uptake of secure messaging and caused physicians to rely on insecure methods such as email and text.

We are working with others to bridge this gap. In the interim, if you continue to use email or text, you can help improve the security of your electronic communications by ensuring that:

  • Personal health information is not in the body of the text.
  • Attachments are encrypted and password-protected.
  • Recipients (i.e., patients and physicians) have agreed to communicate electronically.
  • Where possible use separate platforms for personal and clinical exchanges.

Additional information

The following materials from the AMA, Canadian Medical Protective Association and Office of the Information and Privacy Commissioner of Alberta contain advice and guidance on some of the risks and considerations of electronic communications:

Advisory for Communicating with Patients Electronically 
(Updated) June 2019 - Office of the Information and Privacy Commissioner of Alberta

Danger, Will Robinson! Danger! It’s just a matter of time before our current health care e-communication methods fail 
May-June 2017 - Alberta Doctors’ Digest

Using electronic communications, protecting privacy
(Revised) January 2016 - CMPA Duties and responsibilities

The AMA advances patient-centered, quality care by advocating for and supporting physician leadership and wellness.