Home Forums Discussions General Discussion HIPAA and records on CD (or Other digital media)

I am under the assumption that mailing an un-encrypted CD (PDF File) of the patient's record TO the patient is tantamount to mailing paper copies, and therefore complies with HIPAA issues.
So, am I wrong?
(Admittedly would rather use encrypted files, but if the patient had the technical expertise to deal with encrypted PDF or ZIP files I would have used the patient portal or email.)

In 24 years I have never witnessed Roger to be wrong. Since you know more about this than I do Roger, I would be happy to be a character witness at your trial.

The mail and telephone have legal privacy protections, so you should be as safe as faxing a thousand pages to them. Maybe HIPAA requires self destructing digital media?

Roger,

No, I do no think you are wrong as my fellow Virgo above states. However....

I may be a bit paranoid, but if the CD came up missing and the patient claims to have never received it, and the CD has your name and office plastered all over it, I do not think the patient will be the one getting the fine, if one is meted out.

However, if you send it by certified mail, and have the patient sign that he assumes responsibility for the CD upon receipt in mail, then that extra $5 dollars may help your peace of mind. You will at least have proof of receipt and transfer above and beyond the usual mail delivery.

I have not been sending patients their records by CD so this is my thinking off the cuff, so I hope this may be a practicable approach for you.

Dan, there was that one time I thought I was wrong, but wasn't , does that count?
/humor font off/
You are much too kind. (Actually need the testimony to my wife!!)
Jimmie, your idea is good, as that would equally apply to paper charts!
Try to hand the CD to patient , but I was lacking CD-R at the time.

Do you encrypt the charts you send by snail mail?

Jon has a good point. There shouldn't be a higher standard for securing electronic records than exists for paper records.

Jon and John , my thoughts exactly!

I don't know why they are making a higher standard for electronic records. They want me to have an encrypted hard drive, but my paper charts are sitting right there on the shelf, ready for any burglar to come in and read. They also want encrypted transactions, but they consider a fax 'secure' and they consider mailed records secure: left to set in someone's mailbox on the street. They have created a double standard. Email should be adequate, and they should just prosecute any eavesdroppers like they would anyone opening someone's mail.