[Mailman-Users] HIPAA compliant?

texas critter - mailman-users texascritter at ditb.net
Thu Apr 22 22:53:43 CEST 2004

Dr. Jones wrote:

> Anyone on the list involved with HIPAA, in healthcare records?
> I am a chiropractor and am wondering about using a mailing list among
> patients, not wanting to create any problems or HIPAA violations.

I don't know the legal ramifications, but here's my two cents.  If it's
just an announcement list, for you to send out health info, absolutely no
problem.  Don't make the member list public, make it just for list admins
and you're fine, there's no disclosure of the other patients at all.  If
you've got email addresses for your patients now, you could send out a one
time message, announcing the list and its purpose and stating that if they
want to join, to go to the website or to send an email to, etc.  After
that, just make sure that when patients fill in their email address on one
of your forms or wherever, that it says that you're going to add them to
your mailing list.

If it's going to be discussion tho, make sure that your patients know, make
it very clear in the initial one time message.  Posting to a discussion
list will reveal the patient's email address and possibly their identity,
home address, phone number, etc. depending on how much info is publicly
tied to their email address.  So just be sure they know it's a discussion
list and that in posting, they may be revealing their identity.  Also, I
suggest making the list confirm + approve, so that you can verify that
people wanting to join are current patients - or if you're going to make it
open to the public, make sure your patients know that.

You might also consider having two lists, one for announcements only and
one for discussion and announcements and on whatever your patients fill in
their email address, add a couple checkboxes for the announcement list and
the discussion/announcement list.

texas critter

EL-M FAQ: http://www.emaillist-managers.com/

More information about the Mailman-Users mailing list