Health Information Compliance Alert
Is Faxed Information Considered ePHI?
PDF
Question: If we fax a document containing a patient’s medical information from one place to the other and it goes to the wrong location, is that considered electronic protected health information (ePHI)?
Answer: If the document is simply going through a straight fax machine to another, that’s not considered ePHI, answers Jim Sheldon-Dean, founder and director of compliance for Lewis Creek Systems, LLC in Charlotte, VT.
Still, this situation is considered a breach, although it basically winds up being a Privacy Rule violation, Sheldon-Dean says. And so in this case, you had information that went to the wrong location, which means you had an improper disclosure.
This is the kind of situation that you would need to report to the individual and to the U.S. Department of Health and Human Services (HHS) as a small breach that affects just one individual, Sheldon-Dean instructs.
But if the document originated from a computer to a fax server and was faxed to the wrong location, this is considered ePHI, Sheldon-Dean warns. When you have a computer-generated document going into a fax server, you must treat that as electronic information under the Privacy and Security Rules.
Health Information Compliance Alert
- Case Study:
How Much Could You Pay For Your BA's Mistakes?
Why you’re increasingly at risk for breach-related private lawsuits. Finger-pointing will get you nowhere when [...] - Update Your 'Pre-Existing' BAAs Now
Focus on 3 BAA terms that can increase your liability. While you’re pondering your business [...] - Quiz:
Test Your HIPAA Knowledge With This Quick Quiz
What’s the first step in securing your office’s network and hardware infrastructure? How much does [...] - Reader Question:
Is Faxed Information Considered ePHI?
Question: If we fax a document containing a patient’s medical information from one place to the [...] - Reader Question:
What To Do When Another Provider Refuses To Release Records
Question: We’re treating a new patient and need to obtain the patient’s prior treatment records. The [...] - Reader Question:
'Consent' Vs. 'Authorization' -- What's The Difference?
Question: Under the HIPAA Privacy Rule, what is the difference between “consent” and “authorization?” Answer: The term [...] - Enforcement News:
Check Out The New Risk Assessment Tool For iPad & Windows
Plus: Get ready now for the next series of HIPAA audits. Do you need help [...]