Do Not Send Protected Health Information to Your Personal Accounts

Print this Page

Privacy and Security | America | Feb. 01, 2019

This is a reminder that sending clients’ information (called Protected Health Information or PHI) to any personal email account or personal device is against Centerstone’s policy.

Protecting our clients’ privacy is our first priority, and sending or storing client PHI outside of the Centerstone network does not only make the information vulnerable to hacking attacks, but it also makes you liable for the consequences. If a hacker detected the PHI you emailed to yourself and stole that client’s identity, the Federal Office of Civil Rights would consider you liable for it. If you have sent any client PHI to your personal email address or personal device, please delete it immediately.

Please remember that PHI is not only the date of birth or the social security number of a patient, but any kind of personal information including treatment, medications, information about the session, and so on. This is still true for information that does not contain the client’s name. For example, information related to a client’s health, even if it does not include the name of the client, is still considered PHI.

For more information and guidelines on secure communication, please read our Electronic Communication Policy

If you have any questions related to privacy and security, please contact ilaria.calo@centerstone.org or our Security Officer Karen Keene at karen.keene@centerstone.org

Back