Do you really think that sending this kind of information thru a Hotmail/Yahoo/gmail is any better? Maybe to send a link to one of the secure data transmission methods it would be an idea and maybe a good idea. No owner information without a lot of digging to find the owner of the hotmail/yahoo/gmail account.
I would second that if you do this then you have the receiver call into the office and get the password to the secure vaulted information or better yet make them come in and get it. Jon On Thu, May 13, 2010 at 5:42 PM, James Kerr <[email protected]> wrote: > You know, I was going to add to my last email. "I guess we should open a > hotmail account for these types of issues" :-) > > ----- Original Message ----- > *From:* John Aldrich <[email protected]> > *To:* NT System Admin Issues <[email protected]> > *Sent:* Thursday, May 13, 2010 4:51 PM > *Subject:* RE: HIPAA Question > > Well, you could always go set up a Yahoo or Gmail account for this sort > of thing and in no way identify the company. J > > > > [image: John-Aldrich][image: Tile-Tools] > > > > *From:* James Kerr [mailto:[email protected]] > *Sent:* Thursday, May 13, 2010 4:39 PM > *To:* NT System Admin Issues > *Subject:* Re: HIPAA Question > > > > I told the practice manager not to send it because I believed that the > email address itself is PHI and even if you encrypt the data the email > address is still out there as well as ours and we are obviously a company > that deals in HIV/AIDS. I also told her "what if a family member opens that > email that is not aware of this persons status and the person doesn't want > that family member to know?". They are going to have to find another way. > > > > James > > ----- Original Message ----- > > *From:* Ziots, Edward <[email protected]> > > *To:* NT System Admin Issues <[email protected]> > > *Sent:* Thursday, May 13, 2010 4:30 PM > > *Subject:* RE: HIPAA Question > > > > True, what you are emailing is PHI to the email address, that doesn’t > always equate to a human being (Emails can be forged), and thus the release > of that information to someone other than the person that it is truly > intended for, could constitute a breach of Privacy/Security Regulations > under HIPAA. > > > > I would use this as a guideline, but I would look to your legal/IS > compliance department for more guidance accordingly. This really should be a > discussion between the Doctor and the patient accordingly. > > > > - *ePHI **= Electronic Protected Health Information* > > > - Medical record number, account number or SSN > - Patient demographic data, e.g., address, date of birth, date of > death, sex, e-mail / web address > - Dates of service, e.g., date of admission, discharge > - *Medical records*, reports, *test results*, appointment dates > > > > > > 1) E-mail is not confidential, nor should it be utilized to send > information of a confidential nature. > > 2) E-mails should not be used to communicate sensitive medical * > information*, such as *information* regarding sexually transmitted > diseases, AIDS/*HIV*, mental health, developmental disability, or > substance abuse. > > > > Hope that helps a little, honestly, I wouldn’t send it, because there is no > assurance that the person you are sending it to are whom they say they are. > > EZ > > > > Edward Ziots > > CISSP,MCSA,MCP+I,Security +,Network +,CCA > > Network Engineer > > Lifespan Organization > > 401-639-3505 > > [email protected] > > > > *From:* paul d [mailto:[email protected]] > *Sent:* Thursday, May 13, 2010 3:59 PM > *To:* NT System Admin Issues > *Subject:* RE: HIPAA Question > > > > I'm not sure what you mean by "viral load." However, if that is a lab > result, the fact that you're emailing it to him constitutes PHI (email > address). HIPAA, as it is interpreted now, defines email as an > "addressable" not a requirement. But, if something happened (sent to wrong > email, for example), I doubt you could convince CMS that it wasn't a > violation. > > You could use Pkzip to encrypt a file with the information and then email > that. The newer versions of pkzip use AES. > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: HIPAA Question > Date: Thu, 13 May 2010 15:22:20 -0400 > > Guys, I have a quick HIPAA question. We work with people infected with > HIV. A patient that lives out of state is asking us to email him info about > his viral load. Any suggestions for how to email that info or get that info > to him somehow? If the email content doesn't contain identifying info, is it > ok? > > > > James > > > > > > > ------------------------------ > > The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with > Hotmail. Get > busy.<http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5> > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<image002.jpg>>
<<image001.jpg>>
