To whom it may concern,
While, as a security professional, I take great care to protect all of my systems and data, I cannot guarantee that I am fully compliant with both the HIPAA security and privacy requirements. I have never undergone a HIPAA audit, nor any official HIPAA training or evaluations of any kind beyond those provided to first responders. For your information, I do take extensive security precautions, including:
- Hardware and software firewalls on all systems and networks
- Home directory encryption on my primary Mac
- Antivirus/antispyware on all Windows systems
- OS hardening and service minimization
- Rapid deployment of all security updates
Despite these precautions, I believe you should discontinue faxing medical records to my online fax system, as I cannot guarantee I am handling said records within HIPAA guidelines. While I appreciate the amnio results and insurance records disputes (for multiple patients), they do not directly affect the patient care I administer as a former ski patroller and disaster medic. It is, however, good to know that should I manage to perform an amniocentesis on my pregnant patients in the middle of a ski slope, you will be able to provide me with accurate and timely results.
By faxing my online system (which forwards to my work email) your medical records are subject to a number of possible security risks, including, but not limited to:
- Interception on my corporate email server
- Review by unauthorized persons
- Loss due to lost backup tapes of said email system
- Other standard security vulnerabilities
I do appreciate that you value my medical opinion (since I’m only an EMT/washed-up paramedic) and my input on billing issues (for which I have no training). That said, you should probably remove me from your consultation list.
((Doesn’t it make you feel just peachy that the entire healthcare industry still runs on fax for medical orders, results, and billing? And may have sent me your colonoscopy results?))