Updated 1/25/2023

PII: Personally Identifiable Information
PHI: Protected Health Information
Please be advised that email correspondence to the Network is NOT secure and does not meet the guidelines established by the Health Insurance Portability and Accountability Act (HIPAA) for transmission of PHI/PII. 

As per CMS guidelines, if we receive PII or PHI on any patient via email, this breach must be reported to the sender and the facility administrator via email, and to CMS through the use of the CMS Incident Handling Actions. An investigation will be done by a designated CMS QualityNet (QNet) security staff member. Depending on the type and severity of the incident, internal procedures and/or external agencies will be notified as required by law. Upon receipt of our notice from the Network, it is your facility’s responsibility to notify your organization’s HIPAA compliance officer and to follow the guidelines established by your institution to comply with HIPAA mandates. 

Any violation of this policy must be reported by the Network to The Centers for Medicare and Medicaid Services (CMS). 

  • HIPAA Training Materials: Link
  • Health Information Privacy: Link
  • Understanding Patient Safety Confidentiality: Link

  • HIPAA Basics for Providers: Privacy, Security, and Breach Notification Rules: Guide
  • National Provider Identifier Standard (NPI): Link