Wiki e-mail and PHI

[zoolug]

I have read in several places and it seems to be common knowledge that including any private health info in unencrypted e-mail is a violation of HIPAA. But I cannot find any statement to that effect in any goverment document. I have checked the FTC and CMS Web sites. CMS has one answer to an FAQ that says a provider can e-mail PHI when it is related to treating a patient.

Can anyone point me to a definitive document or source? Thanks.

 

[ARCPC9491]

http://www.zixcorp.com/pdf/phi white paper.pdf

I just googled it and found the above link, try that

 

[zoolug]

HIPAA e-mail rule

http://www.zixcorp.com/pdf/phi white paper.pdf

I just googled it and found the above link, try that

Thanks! The document you linked to had a link to the actual HIPAA rule that I was looking for:

http://www.aspe.hhs.gov/admnsimp/FINAL/FR03-8334.pdf