Question: If we fax a document containing a patient’s medical information from one place to the other and it goes to the wrong location, is that considered electronic protected health information (ePHI)?
Answer: If the document is simply going through a straight fax machine to another, that’s not considered ePHI, answers Jim Sheldon-Dean, founder and director of compliance for Lewis Creek Systems, LLC in Charlotte, VT.
Still, this situation is considered a breach, although it basically winds up being a Privacy Rule violation, Sheldon-Dean says. And so in this case, you had information that went to the wrong location, which means you had an improper disclosure.
This is the kind of situation that you would need to report to the individual and to the U.S. Department of Health and Human Services (HHS) as a small breach that affects just one individual, Sheldon-Dean instructs.
But if the document originated from a computer to a fax server and was faxed to the wrong location, this is considered ePHI, Sheldon-Dean warns. When you have a computer-generated document going into a fax server, you must treat that as electronic information under the Privacy and Security Rules.