What other possibilities are there to send customer data, images and information besides CD to the customer or client, keeping in mind the HIPAA violation. What other secure way can be implemented? Any suggestions?

There many ways but unless the information is encrypted on the CD, it is not considered secure under HIPAA standards. The organization responsible for the CD may be subject to penalties if unencrypted information on a CD is intercepted or even lost. The recent HITECH Act that was part of the economic stimulus package last January 2009 expands the penalties and consequences for loss of unencrypted protected information but creates a "safe harbor" to avoid these penalties if the information is encrypted.

Many organizations use HIPAA-compliant secure websites for transactions (with https:// in the browser bar). Encrypted- protected information can also be sent electronically as an email attachment or uploaded or downloaded on an encrypted file from a website using a File Transfer Protocol (FTP), or through a VPN connection. All of these mechanisms are currently in wide use by a range of covered entities.

Also, note that under HITECH, HIPAA penalties now apply to protected information on paper, so this is no longer a way to avoid compliance problems if non-authorized individuals obtain access.

The HIPAA Wizard provides basic information for guidance only. Since the application and impact of laws can vary widely based on the specific facts involved, the information provided should not be interpreted as a recommendation for a specific plan or course of action. The Medical Banking Project does not render specific legal, accounting, tax, or other professional advice. Before making any decision or taking any action, we strongly recommend consultation with an attorney or other professional. The Medical Banking Project, its owners, employees, consultants, affiliates, or subsidiaries, shall not be responsible or liable, directly or indirectly, in any way for any loss or damage of any kind incurred as a result of, or in connection with use of, or reliance on, the information provided.

To view previous HIPAA Wizard questions, become a member today!