5 Reasons Not to Email Medical Records to PI Firms


Before Mighty launched the first law firm portal software that any medical provider can use to share and receive information (and medical records) from their plaintiff’s personal injury law firms, we spoke with countless medical providers to find out how they were sharing documents with personal injury firms today. Many of them, often with some embarrassment, admitted they still used regular email.


Email is an outdated and insecure method of sharing protected health information (PHI). That’s why many large hospitals and providers use portals - which, until, Mighty, was cost prohibitive for smaller practices. 

While sending records securely and following HIPAA is important, it’s not the only reason to not email to send records. Here are the top five reasons why you should ditch email and move to a more secure method of document sharing.


1) Emailing documents is not HIPAA compliant


Standard email providers like Gmail and Yahoo cannot be relied on to meet the data security standards outlined in the HIPAA Security Rule. 

Email encryption or an equivalent measure must be taken to ensure the security of the documents in transit, but these methods can be costly and time consuming both for you and the receiver who downloads them. 

Prominent HIPAA healthcare attorney Vinay Bhupathy of Sheppard Mullin notes:

“I advise my medical provider clients not to use the standard GMAIL, AOL, or other non-encrypted email services to send patients health records. This is due to two main reasons: (i) increased risks of data breaches due to hacking, phishing, and related digital attacks; and (ii) the 2019 enforcement discretion ruling from Use Department of Health and Human Services which has increasing caps on penalties for providers for violation of HIPAA based on the level of culpability. Due to the substantial development and maintenance costs which can be associated with custom encryption solutions, I frequently recommend clients look for plug and play solutions with reputable providers that can provide security at a reasonable cost. ”


2) Once you hit send, you can’t un-send


You can’t take back an email. If you make a mistake and send a patient’s PHI to the wrong firm, the firm will have that information forever. Email makes this kind of slip-up way too easy.  Law firm portals don’t have this problem because documents are stored in a shared location that the provider controls. If you accidentally give the wrong firm access to a patient’s bills and records, you can easily revoke access immediately before anyone has had the chance to access it.

3) Law firms often ask for the same documents to be sent multiple times


Stop me if you’ve heard this story before (or, well, scroll down): you’ve sent the same document to a firm three different times and yet this new paralegal still can’t find it. It’s annoying when this happens, but we’ve all been there; combing through our inbox trying to find an old email, running every search we can think of, then just getting frustrated and asking someone to send it again.

And life becomes even more complicated if you need to correct records or replace one record but not all records. Email just isn’t a good place for document storage. It’s hard to search in through, and the options for sorting are limited.

4) It’s not always clear who you should email


Email is a very good tool for communication between two individuals and a very bad tool for collaboration between organizations. If you email all of your patients’ documents to one case manager at a firm, what happens when that case manager leaves? How do you know that the paralegal on the last case you sent documents to is the same paralegal on this case? Most likely, you’ll have to guess where to send it or wait for someone at the law firm to ask.


5) Law firms don’t like email


If you rely on law firms for referrals or want to, it should be no surprise that law firms like to work with providers that are easy to work with. In a survey of personal injury firms, almost every law firm reported frustration with the inefficiency of their communication with medical providers.  It turns out that email is not only commonly used by providers to send medical records but also to get case status updates, to update treatment status, to track referrals providers make and more. Law firms waste countless time and money emailing back and forth with providers and wish there was a better solution to standardize their communications with providers.   

Post by

Kevin Palermo

Get 1 email per week with industry news and tips for growing your business

Oops! Something went wrong while submitting the form. Please reload the page and try again or email us at hello@mighty.com