
In the US, that's a HIPAA violation, which opens the provider up to massive fines.


No, it absolutely is not a HIPAA violation if the patient requests email communication. But it's a common myth.

A patient can consent to receive protected health information over email or other unsecured channels as long as they are informed of the risks and consent anyways. Patients are allowed to communicate about their own health to whoever they want to in whatever manner they want.

For example - the American Academy of Family Physicians has the following to say about it - https://www.aafp.org/pubs/fpm/blogs/inpractice/entry/hipaa_m...

Myth 3: HIPAA prohibits email communication with patients about clinical matters.

Fact: You can send protected health information by email, but you must implement safeguards under the security rule to ensure the information is secure, accessed only by authorized individuals, and not altered, edited, or deleted. The best way to do this is to encrypt your emails; however, patients have the right to request access to their own information via unencrypted email. You may send patient information by unencrypted email if you have advised the patient of the risks and the patient still prefers unencrypted email.


It's definitely not. As a patient, I can do whatever I want with my medical records. I can copy them right out of MyChart and put them on my blog if I want to. I feel like I should have the right to sign a form saying they can email me.



Agreed, I often email results to my spouse so they can review as well. I don't think many health care systems permit spousal access to results (although I can see my young kids' data).


My comment was implied aspirationally. US legal issues may (or may not, see sibling comments) prevent a provider from sending health info via email. If it was/is allowed, I think many would like to opt in (but never the default).

As I understand HIPAA (I'm not a lawyer), the patient can send info to the provider via email. In fact, since my last comment I emailed a test result of mine to my doctor (in the US).

Outside the US, email is sometimes used. I've had a couple non-US doctors send me my health data via email. I don't know which foreign laws applied, but I assume they were permitted to do so.



