HIPAA

 View Only
  • 1.  US Postal Office forwarded mail of many clients to another client - Is this a HIPAA Breach for our Office

    Posted 10 days ago
    Good morning,
    I patient recently brought in a huge box of mail that belonged to other patients into our behavioral health clinic. He was once homeless and was using our address to get his mail. Once he obtained housing he changed his address and started to receive mail for other patients.  This has affected at least 200 patients over the last two years. A colleague told me that this is not a HIPAA breach because the US Post Office is not a business associate and this was their error. I'm not convinced so I have to turn to you all for advice.


    ------------------------------
    Tracy Purnell
    Chief Compliance Officer
    Team Wellness Center, Inc
    Dearborn,MI
    ------------------------------
    Default Blank


  • 2.  RE: US Postal Office forwarded mail of many clients to another client - Is this a HIPAA Breach for our Office

    Posted 10 days ago
    I agree , from a strictly HIPAA compliance/OCR enforcement perspective, it is a USPS issue not a breach your organization.is responsible for. 



    Default Blank


  • 3.  RE: US Postal Office forwarded mail of many clients to another client - Is this a HIPAA Breach for our Office

    Posted 10 days ago
    In order for the PO to forward mail they have to get a forwarding request.  If John is getting Jane's mail then I'd say that Jane submitted a forwarding request using his address.

     

    David Garrison 

    Compliance/Privacy Officer 

    SEARHC Executive Offices

    P: 907.364.4466 F: 907.463.4075
    3100 Channel Drive, Suite 300 | Juneau, AK 99801


    -- This e-mail and any files transmitted with it are confidential, may be protected by state and federal privacy laws, and intended solely for the use of the individual or entity to whom it is addressed. If you are not the named addressee, do not disseminate, distribute or copy this e-mail or any attachments. Please notify the sender immediately by e-mail if you have received this e-mail in error, and delete this e-mail and any attachments from your system.



    Default Blank


  • 4.  RE: US Postal Office forwarded mail of many clients to another client - Is this a HIPAA Breach for our Office

    Posted 10 days ago
    One client completed a forwarding request and the post office changed for several clients. The homeless population uses the clinics address for mail.

    Sent from my iPhone


    Default Blank


  • 5.  RE: US Postal Office forwarded mail of many clients to another client - Is this a HIPAA Breach for our Office

    Posted 9 days ago
    This scenario starts with a practice that the clinic permitted, namely allowing patients to use the clinic's address as their own. Thinking about the intent of that policy, I'm assuming the intent is:  we are your healthcare provider and since you, patient, do not have an address, just use our address and we will keep your PHI safe until such time you come to retrieve it. So the question is, does this policy reasonably safeguard patient information as intended? I think the fact that a patient could change their address triggering his receipt of mail from hundreds of other patients says: maybe not. I wouldn't be so quick to push this off as a USPS error. I think due diligence is in order to investigate why this occurred. It strikes me as unusual that USPS would forward mail with other patient's names on it, so I'm wondering if there is something in the way these letters are addressed that is triggering this forwarding. For example, does the address contain the word "homeless" or some other designation to tell the clinic this is the mail for our patients who are using our address? If that's the case then I think you need to do a LoProCo.

    ------------------------------
    Brenda Manning JD, CHC, CHPC
    Privacy Counsel
    Maximus, Inc.

    The views expressed herein are my own and do not represent those of my employer. They are not meant to constitute legal advice or create an attorney-client relationship.
    ------------------------------

    Default Blank


  • 6.  RE: US Postal Office forwarded mail of many clients to another client - Is this a HIPAA Breach for our Office

    Posted 7 days ago
    Usually change of address request is "name" specific, but JUST A GUESS - somehow the post office (since you are a business) treated the address change as a business address change and sending others' mail as well - particularly if, as Brenda suggests, maybe you have something specific in the address to identify as patient mail.

    ------------------------------
    Marie Wagner, CHC, CHRC
    Operations Manager, Corporate Compliance
    The Queen's Health Systems
    Honolulu, HI
    ------------------------------

    Default Blank