What if patients requested to receive their PHI in an unsecure manner?
The HIPAA Covered Entity complied to the request, and the information got intercepted while in transit. Would the HIPAA Covered Entity be responsible, assuming that the HIPAA Covered Entity has warned patients of the risks associated with the unsecure transmission, and patients have accepted those risks?
45 CFR 164.524
What if patients requested to receive their PHI in an unsecure manner?
- No, the HIPAA Covered Entity is not responsible.
- Yes, the HIPAA Covered Entity is responsible.