HIPAA Blog

[ Thursday, August 01, 2013 ]

 

Doctors and Email: A favorite topic of mine.  Unless you are absolutely certain you have dotted all of the i's and crossed all the t's, and seriously considered the HIPAA ramifications if you get it wrong, DO NOT EMAIL WITH PATIENTS.  Here's a pretty good example of what can go wrong: the patient you are trying to contact isn't at the email address you are using, but a newspaper reporter is.  See how problematic that can be?  Each one of these is a HIPAA breach; under the Omnibus Rule standards for breach reporting, many of these are probably reportable.  At the very least, the covered entity is obligated to do a risk analysis and try to mitigate (in the last example given, the covered entity clinic did not even try to recover the breached data or ask the improper recipient to destroy the email). 

Jeff [10:58 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template