What is the best course of action when a hospital policy forbids sending Protected Health Information (PHI) via email?

Following hospital policy, especially regarding the handling of Protected Health Information (PHI), is essential to ensure compliance with privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA). When a policy explicitly forbids sending PHI via email, it is in place to protect sensitive patient information from potential breaches and unauthorized access.

Opting to follow the hospital's policy demonstrates a commitment to upholding the standards and procedures designed to safeguard patient privacy. This decision also minimizes the risk of exposing PHI to cybersecurity threats present in unencrypted email communications. Instead of sending the information via email, finding an alternate, secure method of communication that aligns with the policy ensures the institution operates within compliance guidelines.

Choosing not to submit the results at all could lead to lapses in care or delays that could adversely affect patient outcomes, which is why identifying an alternative approach is crucial. Notifying a supervisor to request an exception could hinder the process and is not advisable unless there is a clear, justified need to deviate from established policies. Additionally, exceptions to policy can lead to increased risk and should be approached with caution.

By adhering to the policy and seeking secure alternatives, the integrity of patient data and the institution's compliance standing are maintained.