Q: Is it a reportable breach if an entity had the ability to send encrypted email, but an unencrypted email was sent to the correct recipient because of a computer fluke or user error?
Not only does your organization need appropriate policies and procedures in place to comply with HIPAA, you also need to make sure that staff members follow those policies and procedures. It’s not an easy task, and each organization has its own way of auditing compliance.
Q: My child’s school requires parents to send a doctor’s note when a student is out sick for more than two days. After providing this note for my child, their teacher spoke to me and mentioned information she could only have learned if she had read the note. Is this a HIPAA violation? Are schools covered by HIPAA if they request doctor's notes?
