Scenario: You are working on a case and are stumped. Using your himagine email, you email one of your knowledgeable & friendly himagine auditors with the following question.
Hi Friendly QA Auditor,
I have a question about a case. Can you look at MRN 123456 & tell me what you think the histology should be?
Question: Is the above email a HIPAA violation?
Answer: Yes! Medical Record Number is considered PHI. It would have been better to email the question using the Accession Number which is not considered PHI. If you are required to send PHI via email, you must send the email using himagine’s secure email portal. Ask your manager for details.
Who do I contact if I have a HIPAA-related question or concern?
Send an email to HIPAASecurity@himaginesolutions.com for all questions you have related to HIPAA or when you need to report an incident or suspected incident.
This is a reminder of what is considered Protected Health Information (PHI).
- All geographic subdivisions smaller than a state (street address, city, county, precinct).
- Note: zip code or equivalents must be removed, but can retain first 3 digits if the geographic unit to which the zip code applies if the zip code area contains more than 20,000 people
- For dates directly related to the individual, all elements of dates, except year (date of birth, admission date, discharge date, date of death); and all ages over 89 or dates indicating such an age
- Telephone number
- Fax number
- Email address
- Social Security Number
- Medical Record Number
- Health Plan Number
- Account Numbers
- Certificate or license numbers
- Vehicle identification/serial numbers, including license plate numbers
- Device identification/serial numbers
- Universal Resource Locators
- Internet Protocol addresses
- Biometric Identifiers
- Full-face photographs and comparable images
- Any other unique identifying number, characteristic or code
- Electronic Protected Health Information (ePHI). PHI that is received, transmitted, or maintained in electronic form.