RE: Is patient email address PHI?

Wed, 29 Jan 2003 05:36:15 -0800 

Thanks for that reasoned response, Noel.  Our specific question is, since you can read 
an email address (you being someone out looking for insecure data on the internet) 
even on an encrypted email, does the email address of a patient coming from a provider 
or health plan constitute PHI because it indicates that patient is being treated by 
the provider or has health coverage under the health plan?
 
Again, this seems like a very narrow reading of the regs - but the question came up, 
and we want to check it out.
 
-----Original Message----- 
From: Noel Chang [mailto:[EMAIL PROTECTED]] 
Sent: Tue 1/28/2003 10:58 PM 
To: WEDI SNIP Privacy Workgroup List 
Cc: 
Subject: RE: Is patient email address PHI?



        I didn't respond to the original message because the question was not clear
        to me.
        
        When Susan wrote "Email address is listed in the reg as an identifier that
        must be removed from data being disclosed" was she referring to the
        requirement in section 164.514(b)(2)(i) that ennumerates the various
        identifiers that must be removed for PHI to be de-identified under the "safe
        harbor" method?  If not, I'm not sure what else she meant by that statement. 
        Susan, can you cite where else the Rule requires that email addresses be
        removed?
        
        If Susan was referring to 164.514 then we are talking about a disclsoure of
        de-identified information.  Why would you be emailing an individual de-
        identified information about themselves?  Since you are emailing the
        individual this would qualify as a permitted disclosure to the individual and
        therefore there is no need to de-identify the information in the first place!
        
        Please explain your situation better and please give specific citations as to
        where you think there are conflicts with the Privacy Rule.  Otherwise I'm
        afraid I don't understand the question well enough to offer an opinion.
        
        Noel Chang
        
        --
        Open WebMail Project (http://openwebmail.org)
        
        
        ---------- Original Message -----------
        From: [EMAIL PROTECTED]
        To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
        Sent: Tue, 28 Jan 2003 20:08:32 -0700
        Subject: RE: Is patient email address PHI?
        
        > I will go out on a limb with an unsubstantiated opinion because it
        > is late
        > 
        > Only if the email also contained health information or some indictor
        > of health status - or - If they could infer by the name or address
        > of the sender the health status of the recipient.
        > 
        > Would anyone out there agree with that?
        >
        > -----Original Message-----
        > From: Brousseau, Susan [mailto:[EMAIL PROTECTED]]
        > Sent: Tuesday, January 28, 2003 4:58 PM
        > To: WEDI SNIP Privacy Workgroup List
        > Subject: Is patient email address PHI?
        >
        > This seems picayune, but: Email address is listed in the reg as an
        > identifier that must be removed from data being disclosed.  If we
        > email a patient, would addressing that email to their email address
        > be considered a violation of HIPAA?
        > 
        > Thank you,
        > 
        > Susan Brousseau
        > Business Analyst
        >
        > 
        >
        > ---
        > The WEDI SNIP listserv to which you are subscribed is not moderated.
        > The discussions on this listserv therefore represent the views of
        > the individual participants, and do not necessarily represent the
        > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to
        > receive an official opinion, post your question to the WEDI SNIP
        > Issues Database at http://snip.wedi.org/tracking/. These listservs
        > should not be used for commercial marketing purposes or discussion
        > of specific vendor products and services. They also are not intended
        > to be used as a forum for personal disagreements or unprofessional
        > communication at any time.
        >
        > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
        > To unsubscribe from this list, go to the Subscribe/Unsubscribe form
        > at http://subscribe.wedi.org or send a blank email to leave-wedi-
        > [EMAIL PROTECTED] If you need to unsubscribe but your
        > current email address is not the same as the address subscribed to
        > the list, please use the Subscribe/Unsubscribe form at
        > http://subscribe.wedi.org
        >
        > Confidentiality Notice:  The information contained in this message
        >
        > may be privileged and confidential and protected from disclosure.
        >
        > If the reader of this message is not the intended recipient, or an
        > employee
        >
        > or agent responsible for delivering this message to the intended
        > recipient,
        >
        > you are hereby notified that any dissemination, distribution or
        > copying
        >
        > of this communication is strictly prohibited. If you have received
        > this
        >
        > communication in error, please notify us immediately by replying to
        > the
        >
        > message and deleting it from your computer. Thank you.
        >
        > ---
        > The WEDI SNIP listserv to which you are subscribed is not moderated.
        > The discussions on this listserv therefore represent the views of
        > the individual participants, and do not necessarily represent the
        > views of the WEDI Board of Directors nor WEDI SNIP. If you wish to
        > receive an official opinion, post your question to the WEDI SNIP
        > Issues Database at http://snip.wedi.org/tracking/.   These listservs
        > should not be used for commercial marketing purposes or discussion
        > of specific vendor products and services.  They also are not
        > intended to be used as a forum for personal disagreements or
        > unprofessional communication at any time.
        >
        > You are currently subscribed to wedi-privacy as:
        > [EMAIL PROTECTED] To unsubscribe from this list, go to the
        > Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a
        > blank email to [EMAIL PROTECTED] If you
        > need to unsubscribe but your current email address is not the same
        > as the address subscribed to the list, please use the
        > Subscribe/Unsubscribe form at http://subscribe.wedi.org
        ------- End of Original Message -------
        
        
        ---
        The WEDI SNIP listserv to which you are subscribed is not moderated. The 
discussions on this listserv therefore represent the views of the individual 
participants, and do not necessarily represent the views of the WEDI Board of 
Directors nor WEDI SNIP. If you wish to receive an official opinion, post your 
question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These 
listservs should not be used for commercial marketing purposes or discussion of 
specific vendor products and services.  They also are not intended to be used as a 
forum for personal disagreements or unprofessional communication at any time.
        
        You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
        To unsubscribe from this list, go to the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org or send a blank email to 
[EMAIL PROTECTED]
        If you need to unsubscribe but your current email address is not the same as 
the address subscribed to the list, please use the Subscribe/Unsubscribe form at 
http://subscribe.wedi.org
        

 
bh*.j&v+'٨uڵSbˬ*'+%lz~ޭkzǧ^'v+v楥ȩj{ljw]z-ƫ\zޱ,aya
 
*r+z+X@H!+yǢ槡r&r-^X@H".zڵڱ歆i'v*+ki"Ӆ+-hWg޺ǝ~ܢiȚfb
n,z+v+"zݢkۜƧvǫ'8^ɩlޞbקumZ韢^'jWb+y鞞(鮇޲Ȩ\i'*'j֧ئy.jޞrryhbi̚܆+ޙj!d{.n++%`-n+R{.n+m칻&b(ǧujy^jyة+s-z|Tlb*.睶ryʋrz{^ikz"z-jg^ikz,&v-beyǭn+R{.n+m칻&b

Reply via email to