“PHI Warnings” In Communications — A Potential Source Of Unintended Security Breach?

September 30, 2010

Jack Anderson, CEO Compliance Helper, reposted Elizabeth Litten and Michael J. Kline’s article noting, “I found this article interesting for a number of reasons, but the most important one for me was the admonition that you should not send PHI to another party ‘prior to the parties’ execution of a compliant BAA and implementation of policies and procedures to protect PHI properly.’ We say amen to that.”

Many Covered Entities (CE) and Business Associates (BA) (and now, Subcontractors (SC) as well) are using a variety of approaches to limit exposure to liability and the potentially dire consequences associated with security breaches of Protected Health Information (“PHI”). Recently, we have noticed “PHI Warnings” in email and facsimile transmissions, by which CE, BA, or SC warn unintended recipients not to transmit or re-send PHI to third parties. Such PHI Warnings are being routinely used by hospitals, providers, health insurers, law firms and others that create, receive, maintain, or transmit PHI. Such PHI Warnings should be used and worded with caution, however.
