CHPC Study Group

  • 1.  Medical Records/Email

    Posted 03-21-2023 12:52 PM

    Please correct me if I am wrong, but I thought we had discussed that if a patient request their medical records by email and acknowledge that is not a secured transmittal, we still should comply with what ever format they have requested, within reason. 

    After review of our  Cyber Security Risk Assessment by an outside company, they are saying email should not be a form of ePHI and the company assumes liability until the delivery of the medical records to the patient. 

    Thoughts/discussion on this would greatly be appreciated. 

    Denise Gilley

    Denise Gilley
    Site Supervisor, HIPAA Privacy Office
    Urology Centers of Alabama
    Certification Disclaimer