Confidentiality, Privacy and Security

Email Disclaimers

  • 1.  Email Disclaimers

    Posted 09-10-2019 12:53

    I am trying to find the rule or regulation that requires we add an email disclaimer on emails. Some staff at my agency do not think it is necessary to add a disclaimer to emails. I think we should keep the disclaimer to comply with HIPAA and the HIPAA Security Rule. Is there any specific wording that needs to be in the disclaimer? I know I have seen this information but cannot put my hands of the rules and regulations to justify my case. This is our wording now:

    This electronic mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient or the person responsible for delivering the electronic mail to the intended recipient, be advised that you have received this electronic mail in error and that any use, dissemination, forwarding, printing, or copying of this electronic mail is strictly prohibited. If you have received this electronic mail in error, please immediately notify the sender by return mail and delete the erroneously delivered message from your electronic or other files immediately.

    Would love to see what others are using as their email disclaimers.


    Frances Robertson
    Records Manager/Privacy Officer

  • 2.  RE: Email Disclaimers

    Posted 09-11-2019 12:39
    Hi Frances,
    To the best of my knowledge, nowhere in the HIPAA Rules is there a requirement to add email disclaimers.  That doesn't mean that there may be other sources that require it, but I know of nothing in HIPAA specifically.  In fact, there is an ongoing debate as to the value of email disclaimers and whether they offer any protection.  Here is a link to a recent blog that speaks to this in more detail if you are interested in additional perspectives  Note that I am not suggesting you eliminate the use of them, and you should always follow your corporate policy on the use of disclaimers.

    Hope that helps.

    Wes Morris, CHPS, CIPM, HCISPP
    Managing Principal Consultant
    Clearwater Compliance, LLC

  • 3.  RE: Email Disclaimers

    Posted 09-12-2019 09:44
    I agree with Wes.  I do not know of anything requiring an email disclaimer.  I have seen people build the disclaimer into their email system for outgoing emails only and the user does not have to add it to their signature line.  Remember, if you change your process change your policy.  That's the number one thing I find people forget to do.

    Good luck!

    DeAnn Tucker
    HIM Director & Privacy Officer
    Houston Physicians' Hospital