|HIPAA does not prohibit sending patient information through e-mail; however, HIPAA does require that you take reasonable precautions to protect the confidentiality of patient information. Due to the privacy and security risks that exist with using e-mail for communication, we recommend that you avoid sending patient information in this contact form if there is another reasonable alternative that can be used. If it is necessary to send patient information by e-mail, it should be limited to only that information which is necessary. We recommend not including patient names when possible and using medical record numbers instead, just in case the e-mail is accidentally sent to the wrong person. While e-mail that is sent internally to BDCH is encrypted, any e-mail messages going outside of the organization are not encrypted and have the same effect as sending information through the mail on a postcard.