Press "Enter" to skip to content

Physician Email Perils

Email has become an inescapable part of modern life. For physicians, reading and responding to emails represents one more task they must squeeze in between patient visits and administrative chores. More than a hundred emails land in my inbox each day — I suspect many physicians receive far more. While one can ignore some emails without severe consequence, others contain essential information. Locating and responding promptly to critical messages is a daily challenge.

Rules and Regulations

The results of the last presidential election highlighted that officials must adhere to regulations that govern email correspondence. Physicians may not realize that significant constraints, both legal and institutional, apply to their daily electronic epistles as well.

Locum Tenens Physicians Beware

During my work as a locum tenens physician, I accumulated email addresses from many different clinics and hospitals. My inbox hosts a collection of .com’s, .org’s, and .edu’s. These include a Yahoo personal email (.com), backup Gmail personal email (.com), Yahoo professional email (.org), hospital email (.org), academic university email (.edu), and Yale college email (.edu). I’ve lost a few others along the way.

I recently tried to view my email from the Mayo clinic where I completed my most recent locums assignment. No luck. It seems my log-in credentials expired. Emails addressed to [email protected] have gone to that great digital inbox in the sky. Oh well.

When Your Email Isn’t Yours

U.S. federal law vigorously protects the sanctity of postal mail. Tampering with letters or even a mailbox is a federal crime. Physicians may be surprised to learn that their work emails do not enjoy the same level of privacy protection as traditional postal mail. Frankly, I was shocked when I discovered that my hospital emails do not belong to me. I found this fine print in my hospital contract:

No Expectation of Privacy: All systems, including hardware and software are the property of the organization and may be recovered at any time without prior notice. Files, documents, emails, photos, and etc. are not the private property of any employee, and users should not maintain any expectation of privacy with the respect to any usage of the Organizational Electronic Systems.

A different hospital required me to sign the following confidentiality agreement, “All of my (hospital name) accounts are subject to auditing and/or monitoring.”

In addition, my current academic institution’s “Email Guidelines and Procedures” states:

Information transmitted or stored on University IT [information technology] resources is the property of the University unless it is specifically identified as the property of other parties … Email accounts may be created, deleted or continued by Information Technology Services as directed by the Chancellor’s Office.

Hello, Big Brother! Your institution owns your emails. They can read or delete them as they see fit. Consequently, private emails should originate from a personal device, such as a cellphone, laptop, or tablet.

HIPAA Penalties

Every physician knows that the Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of patient health information. The Office for Civil Rights (OCR) polices these violations, imposing fines that can reach millions of dollars.

HIPAA protection extends to emails and texts that contain patient information. Hospitals spend buckets of money to ensure that their electronic communications fulfill HIPAA requirements.

Unfortunately, standard Yahoo and Gmail accounts are not HIPAA compliant. To avoid violating HIPAA, physicians must not include patient information such as names and medical record numbers in personal emails or texts, even when it’s in the service of patient care. All electronic communication regarding patients must stay on secure clinic or hospital accounts.


Email is incredibly convenient but creates potential perils for physicians. Close attention to rules and regulations that govern emails will avoid lost emails due to closed accounts, prying eyes into personal emails, and costly HIPAA violations. It may also provide an edge when running for public office.

Andrew Wilner, MD, is a neurologist and blogs at This article is adapted from his latest book, The Locum Life: A Physician’s Guide to Locum Tenens, available on Amazon and Barnes and Noble.


last updated