How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask JBaxLaw Your Own Question
JBaxLaw, Attorney
Category: Business Law
Satisfied Customers: 11396
Experience:  Experienced in business formation and licensing issues
Type Your Business Law Question Here...
JBaxLaw is online now
A new question is answered every 9 seconds

I have a HIPAA related question. If an employee in a physicians

This answer was rated:

I have a HIPAA related question.

If an employee in a physician's office sends a general announcement email to patients about a diabetes class and fails to blind copy the patient's email addresses (some patients use their name in their email address) is this a HIPAA violation?

Or instead is this just a very unfortunate and less than professional type of office error. A few patients are upset (understandably so) that 20 other patients now have their email addresses and know they were invited to the class. No patient personal health information was distributed in the email. Just email addresses.

I am a professional here to assist you. I appreciate your use of this service.

Was this sent to everyone and not only those who had diabetes?
Customer: replied 4 years ago.

Every patient but only 20 per email.

Did the email state the recipients had a specific condition such as diabetes? It sounds like this email went to all of the patients of a clinic advertising a new service and not specifying they had a condition.

Is your concern that the emails were shared and not medical information?

Thank you
Customer: replied 4 years ago.
Yes, our concern is that the email addresses were shared accidentally. We sent a general announcement to all patients (diabetic or not) and did not specify that anyone had a condition. However, a few patients have responded with anger that 24 other patients can see their email addresses in the announcement email (....because some addresses included a patient's full name....) and now others know they were invited to a diabetes class. (Our system does not allow sending a mass email with all patients in one, so we can only send an email with 25 email addresses at one time.)

Again, all our patient base was just notified of a Free Diabetes class we were providing. Just dates, times location and info about content and instructor.
I appreciate your patience while I looked into this matter. Under HIPAA, protected health information includes email addresses. Email communication is permitted, but the rule requires that a provider “make reasonable efforts to limit the use of disclosure of, and requests for, protected information to the minimum necessary to accomplish the intended purpose” (45 CFR Parts 160 and 164). A strict reading of the rule would mean disclosure of email addresses, due to failure to take reasonable efforts to maintain privacy, constitutes an violation where the content of the communication contains confidential health information. One reading such an email would reasonably ascertain that the email addresses are those of patients being treated for diabetes. A provider needed only blind copy addresses to prevent such a problem.

Will you be so kind as to leave a positive service rating?

I would greatly appreciate it. I rely on excellent ratings and optional bonuses to provide this service.

Thank you and please have a great day. You will see an option to leave the rating on your screen.
JBaxLaw and 3 other Business Law Specialists are ready to help you