Health Information Compliance Alert
Is Sending An Unencrypted Email An Automatic Breach?
PDF
Question: If we use unencrypted email to send a message with a patient’s protected health information (PHI) to another doctor’s office, is that a reportable breach?
Answer: Unfortunately, there’s no clear-cut decisive answer to this, says Jim Sheldon-Dean, founder and director of compliance for Lewis Creek Systems LLC in Charlotte, VT. “I see plenty of reports of breaches that are taking place that involve this kind of communication.”
Many lawyers will say that the proper way to interpret a situation where you’ve sent an unencrypted email containing PHI is as a breach, Sheldon-Dean notes. And beyond the unencrypted email itself, you need to understand that these messages wind up on email servers and can remain there for quite some time after you send or read the messages.
Bottom line: “In that case, the information winds up being maintained and isn’t necessarily being secured,” Sheldon-Dean warns. “So you want to avoid … using those kinds of services as much as possible unless you use a secure version. Otherwise, you’re leaving yourself open to a violation.”
Health Information Compliance Alert
- Case Study:
Don't Cut Any Corners In Your Security Rule Compliance Practices
The road to a data breach is riddled with (fixable) security potholes. Taking a lax [...] - Learn 7 Big Lessons From HIPAA Breaches
Tip: Don’t forget about physical safeguards for your paper records. Data breaches and exposure of [...] - Risk Assessment:
Understand The 6 Major Risk Categories For Your Risk Assessment
And check out 10 other risk areas that you shouldn’t overlook. You may feel like [...] - Tool:
Use This Cheat-Sheet To Mitigate Your Security Risks
Don’t forget about organizational requirements like business associate contracts. Security Rule compliance may seem overwhelming [...] - Reader Question:
Which Comes First: Compliance Or Strategic Risk?
Question: Should our internal audit focus on compliance or strategic risks? Answer: “It depends,” answers Susan Ulrey, [...] - Reader Question:
Is Sending An Unencrypted Email An Automatic Breach?
Question: If we use unencrypted email to send a message with a patient’s protected health information [...] - Reader Question:
How Can You Make Continuous Monitoring Feasible?
Question: What is the best way to develop a more continuous monitoring approach to our internal [...] - Enforcement News:
When HIPAA Trumps State Law Privacy Claims
Plus: Identity theft hackers could open you up to an investigation by the IRS and [...]