Mel B. Posted November 20, 2018 Share Posted November 20, 2018 We include a listing of the new employees who are participants in the COBRA, FSA and HRA plans when we send them our invoices. I would like to know if the names of the employees are PHI and if we should send our bill via a secure mode of communication? Link to comment Share on other sites More sharing options...
leevena Posted November 20, 2018 Share Posted November 20, 2018 Any email with PHI should be sent encrypted and secured. Link to comment Share on other sites More sharing options...
Mel B. Posted November 20, 2018 Author Share Posted November 20, 2018 The invoice does not have PHI other than the names of the new employees who participate in the plan - that is all. However, do the names of the employees who participate in the FSA plan are considered PHI or not - that is what I would like to know. Link to comment Share on other sites More sharing options...
Chaz Posted November 21, 2018 Share Posted November 21, 2018 Information about whether an employee is enrolled in a group health plan may or may not be PHI depending on whether the information is held by or on behalf of the plan (it is) or by or on behalf of the employer (it is not). Sometimes/often making this determination is difficult so it makes sense to follow HIPAA's requirements even though it may not technically be required. Encrypting emails disclosing this information seems to be a relatively easy step to take in this regard. If there is some reason why encrypting this information when transmitting it is not desired or practical, you might want to ask your benefits counsel for guidance. Link to comment Share on other sites More sharing options...
MichaelMinix Posted August 23, 2019 Share Posted August 23, 2019 On 11/21/2018 at 8:54 PM, Chaz said: Information about whether an employee is enrolled in a group health plan may or may not be PHI depending on whether the information is held by or on behalf of the plan (it is) or by or on behalf of the employer (it is not). Sometimes/often making this determination is difficult so it makes sense to follow HIPAA's requirements even though it may not technically be required. Encrypting emails disclosing this information seems to be a relatively easy step to take in this regard. If there is some reason why encrypting this information when transmitting it is not desired or practical, you might want to ask your benefits counsel for guidance. Agree with you. Link to comment Share on other sites More sharing options...
leevena Posted August 25, 2019 Share Posted August 25, 2019 I disagree, sorry. If Mel B is sending out invoices to a number of employees and each of those employees can see the names of other participants, their coverages, costs, along with other information, I would be concerned. I agree with Chaz, they should seek guidance. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now