What are the privacy impacts of patient emails?

Providers can send out emails to patients through Ocean's Secure Online messaging platform, or have automated referral notifications sent out through the Ocean eReferral Network. In order to protect personal health information in the emails between the clinicians using Ocean and the patients who are receiving online messages or referral status updates, Ocean takes a few precautions.

In Online Messages, there is a level of Security Information required to be entered by the patient before they can access the secure message and form(s). This information could be one or more of the following:

  • a password (given to the patient in advance)
  • the patient’s birthdate (pre-populated using data from your EMR)
  • the patient’s health number (pre-populated from your EMR)
  • the patient’s chart ID number in your EMR (pre-populated from your EMR)

If you do not select any option, Ocean will default to using the patient’s birthdate as a minimum requirement.

In Ocean eReferrals, the following precautions are taken:

  • the email used is one either explicitly entered in the Send Referral dialog or on the EMR file
  • the referrer must confirm that the patient has provided informed consent for email prior to sending the referral; if the patient feels no consent was given, this issue should be discussed with the health information custodian (the referring clinician)
  • access to the referral information and personal health information is not available with the email beyond its basic content: patient's first name, referral health service offering, appointment date, time, and location
  • the email only provides a link for the patient to confirm (and possibly cancel in the future), not a link to the actual referral with the personal health information


Have more questions? Submit a request