Privacy Officer's Roundtable

Latest Discussion Posts

  • I agree with David! Cinda ******************************************* This message and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the named addressee ...

  • If you concluded a breach then it's a breach.  If the one e-mail contained 5 discharge summaries, then for me I'd conclude one breach affecting 5 patients.  I say this because when completing the OCR notification they ask: 1) is this a breach affecting ...

  • Leigh, I generally see unencrypted e-mails that go to the correct recipient as a violation of policy and a breach under HIPAA (encryption or it's equivalent being required). However, if the recipient was the correct recipient then, for me, that would ...

  • Profile Picture

    Unencrypted emails

    How do others handle emails containing PHI that may accidentally get sent out unencrypted?  I would consider this a breach, based on a risk assessment, even if there is no evidence it ended up in the wrong hands.  I would also consider 1 breach affecting ...

  • Perfect, Thanks Cinda!  This is exactly what I was looking for. That is what I assumed, but sometimes I struggle looking at things from a non-cyber security perspective, and my biggest challenge is balancing availability/convenience with security. So ...