Campaign: Developers and HIPAA

Does the name of a Health Insurance company constitute PHI?

Does having identifiable information of a person and the name of the health insurance company they are enrolled in (or name of other covered entity) constitute a PHI record?

 

1. Would a text message sent to an individual that includes the name of their health insurance company (but no other health information) be subject to HIPAA regulations?

2. Would a text message sent to an individual that includes the name of their medical group (but no other health information) be subject to HIPAA regulations?

3. Would a text message sent to an individual that includes the name of their doctor's office (but no other health information) be subject to HIPAA regulations?

4. Would a text message sent to an individual that includes the name of a doctor/hospital the person has been to (but no other health information) be subject to HIPAA regulations?

 

There are precedents for this type of information being sent through channels that do not necessarily meet HIPAA requirements: For example, Health insurance companies, medical groups, and doctors' offices routinely send members letters in the mail with outer envelopes that feature logos and business names.

We are trying to determine the scope of what level of data requires HIPAA regulations to be met when sending electronic communications (especially SMS).

Submitted by

Tags (If you have a multi-word tag, add a hyphen (-) between the words.)

Who are your customers? Check all that apply : Health plans or health care providers

What is your organization? : Not for profit

Voting

1 vote
1 up votes
0 down votes
Question No. 65