Email and Private Health Information

January 26, 2011  |  Barna, Guzy & Steffen, Ltd.

A Minnesota man left the snow-filled streets of Minneapolis for a vacation in Puerto Rico. His wife was on a business trip and was planning to meet him there the next day. When he reached his hotel, he decided to send his wife a quick email.
Unfortunately, when typing her address, he missed one letter, and his note was directed instead to an elderly preacher’s wife whose husband had passed away only the day before. When the grieving widow checked her email, she took one look at the monitor, let out a piercing scream, and fell to the floor in a dead faint. At the sound, her family rushed into the room and saw this note on the screen:
Dearest Wife,
Just got checked in. Everything prepared for your arrival tomorrow.
P.S. Sure is hot down here

This is an old tale reminding us of the importance of email accuracy and security. While electronic mail has become second nature to most of us, we should strive to be more aware of the private matters being transmitted over the internet. This is especially important when requesting and transmitting a client’s protected health information (PHI) for review. The requirement to protect the privacy of PHI extends to electronic transmission of PHI between two parties, such as an email message or a file accessible to both parties. The law requires the individuals and organizations it regulates to assess the risks of using email and to take steps to reduce or eliminate the risks that email use, both internal and external, poses. Those risks include all unauthorized interception of messages in transmission and receipt of messages by unauthorized persons (as unfortunately happened with the preacher’s wife).
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) implemented new rules for the healthcare world. Mandating compliance with its Privacy and Security Rules, the federal government is committed to enforcing patients’ rights.
HIPAA email security applies specifically to protected health information, not just personal information. PHI, as defined in HIPAA language, is health information of an identifiable individual that is transmitted by electronic media; maintained in any electronic medium; or transmitted or maintained in any other form or medium. For example, all administrative, financial, and clinical information on a patient is considered PHI.
Here at Barna, Guzy & Steffen, Ltd. we strictly adhere to the laws that grant every individual the right to the privacy and confidentiality of their health information. Protected Health Information is subject to an individual’s rights on how such information is used or disclosed. While risks are inherent to any business, we utilize secure and reliable information systems to help protect private client data from being lost or accessed by unauthorized users.