At Jane, we love to help people understand the technology side of things to make intelligent decisions and give customers confidence that we’re taking privacy and security very seriously. So, grab a cup of tea & get comfortable — we’d like to get into some detailed Q&A here! 🙂
Feel free to jump to each section:
- Are Jane’s emails encrypted?
- Is encrypted email required for personal health information (PHI) and personal identifying information (PII)?
- Is emailing an encrypted PDF possible?
- What information is sent when a receipt is sent from Jane via email to a client?
Are Jane’s emails encrypted?
Financial emails such as invoices, statements, and receipts sent from Jane to clients can be encrypted by turning on the Secure Financial Documents privacy preference within your account. With this privacy preference on, clients cannot access financial documents without first passing a second layer of authorization (clinic account sign-in), and no confidential client information is disclosed within the email itself.
For any other emails sent from Jane to your patients, the short answer is that those emails are not encrypted. This is because there is no email encryption standard across different programs that allows people to send end-to-end encrypted emails easily to one another. Both you and your client would need to use the exact same program to send encrypted emails. However, as we know, people receiving allied health care services use their personal email addresses to manage their appointments, so it’s just not possible for most clinics to guarantee that their client could decrypt the email that is sent from Jane — or any software.
Other than financial documents, it’s worth noting that Jane’s email providers use opportunistic encryption when sending emails, if the client’s email provider supports this. This type of encryption ensures that the emails are encrypted in transit between Jane’s email provider and the client’s email provider.
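Whether opportunistic encryption was actually used for a particular message can be read from the Received headers of the delivered email. The following is an added example, not Jane's code: it classifies each hop by the protocol keyword the receiving server recorded (the RFC 3848 "S" variants such as ESMTPS mean TLS was used), and the sample message and hostnames are constructed.

```python
import re
from email import message_from_string

# Constructed sample message; hostnames and addresses are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby store.recipient.example with LMTP id abc123;
\tTue, 02 Jan 2024 10:00:03 +0000
Received: from out.sender.example (out.sender.example [203.0.113.5])
\tby mx.recipient.example with ESMTPS id def456
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tTue, 02 Jan 2024 10:00:02 +0000
Received: from app.sender.example (app.sender.example [192.0.2.10])
\tby out.sender.example with ESMTP id ghi789;
\tTue, 02 Jan 2024 10:00:01 +0000
From: clinic@sender.example
To: client@recipient.example
Subject: Appointment reminder

See you soon.
"""

# "with" protocol keywords that indicate the hop ran over TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

def strip_comments(text):
    """Remove (possibly nested) parenthesised comments from a header value."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def hop_report(raw_message):
    """Return (receiving_host, protocol, used_tls) per hop, oldest hop first."""
    hops = []
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        flat = " ".join(header.split())          # unfold continuation lines
        bare = strip_comments(flat)              # comments may contain "with cipher"
        by = re.search(r"\bby\s+(\S+)", bare)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", bare)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        # Some servers record TLS only in a comment, e.g. "(using TLSv1.3 ...)".
        tls = name in TLS_PROTOCOLS or bool(re.search(r"version=TLS|using TLS", flat, re.I))
        hops.append((by.group(1) if by else "?", name, tls))
    return hops

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:28} {proto:8} {'TLS' if tls else 'no TLS recorded'}")
```

Each Received header is written by the server that accepted the message, so only the lines added by servers you trust are reliable, and a TLS-protected hop shows transport encryption for that hop only, not end-to-end encryption.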
Is encrypted email required for personal health information (PHI) and personal identifying information (PII)?
Ontario’s Privacy Commissioner gives some guidance on this topic; they say to use encrypted email where feasible, but they also make allowances for unencrypted email depending upon a number of factors, including the sensitivity of the information and client expectations. Here’s the full text of their recommendations for Communicating PHI via Email.
Is emailing an encrypted PDF possible?
It is important to point out that encryption and password-protected emails/receipts are not the same thing. PDF password protection is not very strong. There are websites like this one: https://smallpdf.com/unlock-pdf where you can drag and drop a PDF to remove the password. And it’s also possible that the PDF reader that your client has on their computer won’t be able to decrypt that file.
Jane’s Secure Financial Documents feature requires that patients sign in to access their financial documents and is of a higher privacy standard than password-protected PDFs sent by email. We feel strongly that this solution will provide the highest level of privacy for your clients.
What information is sent when a receipt is sent from Jane via email to a client?
Jane is careful, and we do not transmit any sensitive medical information via email. Jane only keeps the basic information in the receipt: the session type, the duration, the cost, the client’s name, the location for the client to attend, etc.
What information is sent depends on the preference you’ve selected!
If “Hide Patient Information from Financial Emails” is selected, then patients will receive an email with a link that prompts them to log into their patient profile. Once authorized, they will be redirected to the document within their browser, which they can view, print, or download. This means that absolutely no sensitive information will be transmitted via email.
If this box is left unchecked, then patients will receive an email with an HTML preview of the document, along with a PDF attachment.
Of course, if you have any questions, please do not hesitate to get in touch with us. Our email is [email protected].