Just like the fax machine is antiquated, so is the “ambulance chasing attorney”…the
new version of this attorney is the “PHI breach chasing attorney.”
At the most basic level HIPAA regulations allow for sending PHI via the mail,or the equivalent (a courier/FedEx/UPS), or fax.
There is some thick irony when the antiquated technology of the facsimile (yes that is what fax is short for) is considered secure.
Does this mean they are actually secure methods of transportation?
Here is a perfect example: The summary is this — A package of microfiche containing the sensitive data was shipped last month (April) by Hewlett-Packard via the U.S. Postal Service to a state In-Home Supportive Services office in Riverside, Calif. The package arrived tampered with and with some contents missing.
Potential victims: 700,000.
In this example, technically nothing was done wrong. Though one might wonder why microfiche is still being used.
BUT – anytime something like this happens, an investigation occurs.
I’ll be they’ll find problems with the processes and no Associates Agreement.
What does this mean to a private practice physician?
No matter how basic the method of transportation, your office must have a strict policy in place as to how PHI will be transported.
Everybody in your office must know the company HIPAA policy and understand how to follow the policy.
If your office has a breach, yet has a solid set of policies that everybody follows, then the damage to your practice will be much less than if there is no policy in place.
Even in the most secure situation, breaches will occur. If you have a breach, which would you rather say to your local news station:
- “Our staff member left the PHI in their car and it was stolen“…OR…
- “We follow HIPAA regulations and have company policies in place to prevent this, but breaches can still occur.“
I’m pretty sure you want the second option.
Anytime you have a breach, no matter how small, you policies and process will be scrutinized.
Also, in this day of legal action, you have to believe that the new version of the “ambulance chasing attorney” will be the “PHI breach chasing attorney”.