in HIPAA Headlines by John Brewer

The MED in Memphis, which is a the regional medical center in Memphis, TN is notifying 1,200 patients of a PHI breach.

This breach is has been classified as an “innocent employee mistake“, in which 3 un-secure emails were sent with attachments that contain PHI.

This goes right to my email soap box speech.

I will give the shortened version of it now:

Never should anyone in your office say they are going to email anything that contains PHI.  The term email and PHI should never be used together.

Instead the term used should be “secure message“.

Meaningful Use Stage 2 will be pushing everyone to setup a secure messaging system, and it should be used…BUT, ensure that nobody said “email” when sending PHI.

“Buy why??”

This Memphis breach is the perfect example of people getting too lax with terminology.

When a procedure is being accomplished on a patient, very specific terminology is used.  This should also be the case when dealing with PHI.

I’m pretty sure nobody wants to pay a minimum of $100 fine (per violation) for something as simple to prevent as sending PHI via email.


About John Brewer

This author hasn't yet written their biography.
Still we are proud John Brewer contributed 177 great entries.

0 thoughts on “The End of Innocence?

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *