I received a call from a physician who had received a fax that did not belong to him and that contained private patient information. I had a 30-minute dialog with the physician, and he was pleading his cause that doctors' offices should no longer be using a fax to deliver private patient information and that it is a breach of HIPAA. I looked up the issue on the AMA (American Medical Association) website, and here is what part of the article stated:
“May a physician or hospital ‘fax’ a patient’s medical information to other physicians or to an insurer?”
Yes. The Privacy Rules do not prohibit a “covered entity” from faxing protected health information.
A physician should be sure, however, to comply with the Privacy Rules’ requirements for disclosures generally. For example, the physician should check whether the “minimum necessary” rule applies and, if it does, limit the information in the fax to the minimum necessary information.
Also, a physician should be sure to have appropriate security safeguards in place that are administrative, technical, and physical in nature. For example, the physician should use policies and procedures that require office staff to verify the recipient’s fax number and use a cover sheet that does not include protected health information.
In our day of electronic information moving at the speed of light, do you agree with the physician in this article or is he misinformed?
I welcome your comments.