For many people, it is. Email can be time and energy efficient, immediate, and an easy way to share information and documents. And in many respects, email is more secure than other forms of communication.
However, email is not a fool-proof system.
It still poses privacy and security risks for your organization, employees, and clients, depending on how you use it.
A good rule of thumb is that you should only email (or fax, for that matter) personal information that you would feel comfortable discussing over the telephone. You should not fax or email sensitive personal information unless it is absolutely necessary, and only send it when you have some safeguards in place (like in a password-protected document, for example).
If you collect and store your clients' email addresses, be sure they are as protected as any of their other personal information. Also, be sure you only use the email addresses for the express purposes for which you gathered them.
Be judicious when using email as a means for your clients to communicate with you. Email poses a number of challenges in this regard, including:
- It can sometimes be difficult to confirm the client's identity in an email request
- Due to the immediate nature of email, it is sometimes problematic managing clients' expectations for response times
- The content of an email can be misinterpreted, which can lead to poor client services
- Not everyone is comfortable using email, which would open the door to claims of preferential treatment
Therefore, be sure to explore the benefits, risks, and mitigation strategies before you implement email with your clients. Make sure that your policies, procedures, and education – for both your staff and you clients – include notices of confidentiality, collection, privacy and security, timeliness, and clarity of communication.
Important notes on email use:
- Some businesses may be required to complete a threat risk assessment (TRA) or privacy impact assessment (PIA) before using email as part of their communication with clients.
- Remember, if you lose an email address or if email addresses are used for different purposes than stated when they were collected, this may be considered a privacy breach.
- Be aware the legislation around email use has changed. For example, be sure that your email newsletter sign-up involves a double opt-in process, instead of an opt-out process, to avoid a hefty fine. For more information about recent CASL legislation, see “Got Consent?”
Debating between using email or fax? Check out our blog post “Fax vs. Email Debate in Clinical Practices”
Keep your email safe with these tips from NCASM, “The Simple Email Trick That Identity Thieves Hate”
- Before you share your email address with an organization, do you understand how it is going to be used?
- Review your organization's policy on external email usage with clients.
- If your organization collects client email addresses, do you have appropriate safeguards to keep them confidential and secure?
- See Information Managers Document Management Tip for a sample policy “Provider – Patient Email Communications Outline for Discussion.”
- Watch the video, “Email Problem or Opportunity with Jean Eaton” with ChiroSecure.