How To Blow Your HIPAA Compliance In 1 Email
It has happened again, and it won’t be the last time. The City of Boston just received their egg-in-the-face award for sending an email to all their recently-tested-positive Covid patients instructing them on the City’s policies regarding quarantine and testing going forward. No harm, no foul, except they included all of the recipients in the TO line. So 100 city employees learned of the Covid status and vaccination status of their co-workers. Oops.
Sadly, we see this happen frequently. People simply forget to put the recipients' email addresses in the BCC (blind carbon copy) field. Here are two quick ways to fix this issue.
First – train your staff. Using BCC should be reflexive whenever sending an email to a group, or to more than a couple of recipients. Proper training can help make this happen.
Second – set your email client to ALWAYS display the BCC line. Seeing it prominently presented, rather than having to click it to display, will reduce these types of errors.
Finally, it’s become commonplace for employers to discuss Covid and vaccination status with their employees, but this is not, nor should it become, the norm. Asking employees about their health status has always been a sensitive area, and organizations should not relax those standards just for the sake of convenience.
As things return to some semblance of “normal” (I’m in California so normal is relative), we encourage you to be cautious in adhering to recently established patterns with your employees.
If you’re paranoid that people are watching you, it’s because they probably are. Good cyber-hygiene is a daily ritual – adopt it today if you haven’t already. Check to ensure your anti-virus is running every time you sit at your computer. Check to ensure your updates have been run at least once a day. Make it a habit.
Thank you for reading.