Health Information Compliance Alert

Published on Fri Nov 11, 2005 PDF

Question: Our office continues to get more computer and fax-savvy, and this has undoubtedly made the office more efficient. However, we are still making errors when sending e-mails and faxes, causing some unintended violations of patient health information (PHI). Can you offer any advice for all of us to keep in mind for the next time we're doing 100 things at once, and one of them happens to involve electronic transmittal of sensitive PHI info?


Michigan subscriber


Answer: Use these quick tips to eliminate the common compliance errors you describe above:

Tip 1: Get With The Program

You'll decrease the likelihood of touching the wrong numbers if you program regularly dialed fax numbers, says Maggie Mac, a consultant with Pershing Yoakley & Associates in Clearwater, Fla.

But you shouldn't stop there. Check in with your frequent fax recipients regularly to make sure their numbers haven't changed, recommends Jenny O'Brien, director of corporate compliance at Minneapolis, Minn.-based Allina Hospitals & Clinics.

Best practice: Post a "Frequently Faxed" list next to your fax machine so everyone in the office can easily refer to it.

Tip 2: The PHI Stripdown

Unless it's encrypted, e-mail is highly susceptible to interference, points out Margret Amatayakul of Margret AConsulting in Schaumburg, Ill. As long as you are sending unprotected, plain text e-mails, you should not pack those messages with patient health information.

However, there are instances in which a staffer must plug PHI into an e-mail. For example, a doctor calls an outside specialist to consult on a patient with a knee injury. The doc sends the specialist the patient's most recent MRI results.

Try this: Compile a list of PHI identifiers to post by your computer monitor. That way, you can refer to the list as you send e-mails. Make sure your list includes these elements:

• patient's street addresses
• medical record number 
• health plan beneficiary number
• certificate/license numbers 
• vehicle identifier

Tip 3: Follow the Minimum Necessary Rule

Whether sending a fax or an e-mail, your employees must send only the most basic information, Mac says. And they should never fax or e-mail patients' entire medical records.

Whenever possible, you should ask patients to pick up medical records in person. That way, the patient can prove her identity and you can ensure no one intercepts the information before it gets to the patient.

Good idea: Create a convenient request form for medical records that patients can either fill out online or fax in.

It's not hard to eliminate fax and e-mail blunders once you have the right tools. And the more tools you have, the better you'll be at stopping PHI slip-ups before they happen.