What should you avoid when sending emails that include PHI or PII?

When sending emails that include Protected Health Information (PHI) or Personally Identifiable Information (PII), it is crucial to maintain the highest standards of security to protect sensitive information. Including PHI or PII in the subject line or body of the email is highly discouraged because these areas can be easily intercepted or viewed by unintended recipients. Subject lines might be visible in email previews and can be accessed without opening the email, increasing the risk that sensitive information could be disclosed inadvertently. By avoiding this practice, you help ensure that private information remains confidential and secure.

In contrast, utilizing encryption for email security, adding confidentiality disclaimers, and using secure email software are all recommended practices. Encryption protects the content of emails from being read by anyone other than the intended recipient. Confidentiality disclaimers inform recipients about the sensitive nature of the information contained in the email, serving as a warning not to disclose it further. Secure email software is designed to enhance email security measures, further safeguarding data from unauthorized access.