HIPAA regs in relation to mailing PHI

trarut

Expert
Messages
309
Location
Columbus, OH
Best answers
0
I have a bit of a weird question for y'all: Are there any regulations in HIPAA that mandate the type of mailing envelope used when sending documentation to a payer via USPS? I don't recall this being mentioned in any of the HIPAA training I've done.

In the past, I've always used your basic kraft mailing envelopes, securely sealed, for mailing things like claims, claim adjustments, appeals, etc. The organization I currently work for is spending an inordinate amount of money on Tyvek mailing envelopes for these same items (although there doesn't seem to be a problem using regular #10 envelopes for similar mailings). We are looking at office supply costs and the Tyvek's cost about 5 times the amount of standard security-lined mailing envelopes of the same size.

Thanks,
Tracy
 

thomas7331

True Blue
Messages
2,407
Best answers
5
As I understand HIPAA, paper records do not fall under the same security regulations that electronic data does, but the privacy law still requires that providers 'apply reasonable safeguards'. The regulations do not get down to a greater level of detail than this in how paper PHI should be protected. I'm not aware of any regulation that specifically requires what types of envelopes be used, and have never heard of any case of a provider being challenged or accused of not applying 'reasonable safeguards' due to not using certain envelopes.
 

csperoni

Expert
Messages
454
Location
Selden
Best answers
1
I agree with Thomas. I have never heard that you cannot use a paper envelope to mail PHI.
I will note I recall hearing of an issue with WINDOW envelopes. There have been breaches with mass mailings in a window envelope that also revealed other information, like ID#, testing, etc. Window envelopes are not prohibited, you just have to ensure nothing else can be seen through the window.
 
Top