No, I was just joking about the Hotmail bit. ;-)
On 5/13/2010 5:49 PM, Jon Harris wrote:
Do you really think that sending this kind of information thru a
Hotmail/Yahoo/gmail is any better? Maybe to send a link to one of the
secure data transmission methods it would be an idea and maybe a good
idea. No owner information without a lot of digging to find the owner
of the hotmail/yahoo/gmail account.
I would second that if you do this then you have the receiver
call into the office and get the password to the secure vaulted
information or better yet make them come in and get it.
Jon
On Thu, May 13, 2010 at 5:42 PM, James Kerr <[email protected]>
wrote:
You know, I was going to add to my
last email. "I guess we should open a hotmail account for these types
of issues" :-)
-----
Original Message -----
Sent:
Thursday, May 13, 2010 4:51 PM
Subject:
RE: HIPAA Question
Well, you could
always go set up a Yahoo or Gmail account for this sort of thing and in
no way identify the company. J
From: James Kerr [mailto:[email protected]]
Sent: Thursday, May 13, 2010 4:39 PM
To: NT System Admin Issues
Subject: Re: HIPAA Question
I told the
practice manager not to send it because I believed that the email
address itself is PHI and even if you encrypt the data the email
address is still out there as well as ours and we are obviously a
company that deals in HIV/AIDS. I also told her "what if a family
member opens that email that is not aware of this persons status and
the person doesn't want that family member to know?". They are going to
have to find another way.
-----
Original Message -----
Sent: Thursday, May 13, 2010 4:30 PM
Subject: RE: HIPAA Question
True, what you are
emailing is PHI to the email address, that doesn’t always equate to a
human being (Emails can be forged), and thus the release of that
information to someone other than the person that it is truly intended
for, could constitute a breach of Privacy/Security Regulations under
HIPAA.
I would use this as
a guideline, but I would look to your legal/IS compliance department
for more guidance accordingly. This really should be a discussion
between the Doctor and the patient accordingly.
- ePHI
= Electronic Protected Health
Information
- Medical record number, account
number or SSN
- Patient demographic data, e.g.,
address, date of birth, date of death, sex, e-mail / web address
- Dates of service, e.g., date of
admission, discharge
- Medical records,
reports, test results, appointment dates
1)
E-mail is not confidential, nor should it be
utilized to send information of a confidential nature.
2)
E-mails should not be used to communicate
sensitive medical information,
such as information
regarding sexually transmitted diseases, AIDS/HIV,
mental health, developmental disability, or substance abuse.
Hope that helps a
little, honestly, I wouldn’t send it, because there is no assurance
that the person you are sending it to are whom they say they are.
EZ
Edward Ziots
CISSP,MCSA,MCP+I,Security
+,Network +,CCA
Network Engineer
Lifespan Organization
401-639-3505
[email protected]
From: paul d [mailto:[email protected]]
Sent: Thursday, May 13, 2010 3:59 PM
To: NT System Admin Issues
Subject: RE: HIPAA Question
I'm not sure what you mean by "viral load."
However, if that is a lab result, the fact that you're emailing it to
him constitutes PHI (email address). HIPAA, as it is interpreted now,
defines email as an "addressable" not a requirement. But, if something
happened (sent to wrong email, for example), I doubt you could convince
CMS that it wasn't a violation.
You could use Pkzip to encrypt a file with the information and then
email that. The newer versions of pkzip use AES.
From: [email protected]
To: [email protected]
Subject: HIPAA Question
Date: Thu, 13 May 2010 15:22:20 -0400
Guys, I
have a quick HIPAA question. We work with people infected with HIV. A
patient that lives out of state is asking us to email him info about
his viral load. Any suggestions for how to email that info or get that
info to him somehow? If the email content doesn't contain identifying
info, is it ok?
The New
Busy think 9 to 5 is a cute idea. Combine multiple calendars with
Hotmail. Get busy.
|