Make sure your staff are thoroughly trained — and reinforced — about HIPAA-compliant e-mail procedures.
One Texas hospice is learning that lesson the hard way. Hope Hospice in New Braunfels notified 818 patients when it discovered in a routine security check that an employee had e-mailed a report containing PHI to themself using “an unsecured channel,” the hospice says in a notice on its website.
“The information included in the report was limited to 818 patient names, referral source, referral and admission date, name of insurance company, chart number, county and date of discharge,” the hospice says about the December e-mail. “The information did not include other sensitive personal identification such as social security numbers, dates of birth or addresses.”
Bottom line: “The information was secured February 28, 2013, and the Agency does not believe the type of information included presents a risk of financial harm,” the hospice says.
In response to the incident, Hope has given staff additional training, is reviewing its policies and procedures for improvement, and is tightening up security, it says.