Technology continues to change the way we run a medical office. From e-mail to wireless tablets to the fax machine, the press of a few buttons or icons can transmit medical information to any location in the world. At the same time, there lurks a significant and under-appreciated risk in the inadvertent and accidental disclosure of protected health care information (PHI). HIPAA requires the same level of due diligence to investigate and remediate a breach of PHI regardless of whether it occurred by accident or design.
Take the fax machine for example. When using the fax machine to transmit PHI, always confirm that you have the correct number of the intended recipient and that the receiver is located in a secured environment. Transmitting PHI to a fax machine at Kinko's, for example, is never a good idea. Also, make sure that the correct number is showing on the machine's display or monitor before pressing the "send" button.
Whether a machine or a computer, sending PHI to the wrong number is a HIPAA violation that triggers your obligation to investigate the nature and extend of the breach. The power of your staff to cause an accidental breach and a possible investigation by the Department of Health and Human Services, Office of Civil Rights, is very real.
Authored by
Lee McMullin
Senior Risk Management & Patient Safety Specialist
If you have questions about this article, please contact us. This information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.