Resources

• Annual Report
• Disaster Preparedness
• Links
• Managing Conflict
• Medical Alerts
• Provider Directory
• Trends-Incidence
• Trends-National
• Trends-Prevalence
• Trends-Transplant
• Zip Code Data

Administration

• About Us
• Annual Meeting
• Coalition
• ESRD Networks
• Privacy Policy
• Site Accessibility

Consumer Services

• Access to Success
• Common Concerns
• Consumer Committee
• Depression
• Grievance Poster
• Grievance Process
• Living Well Video
• Patient Concerns
• Patient Rights

Data Management

• 2728 Form
• 2746 Form
• Address Change
• Data Compliance
• Data Policy/Procedure
• Newsletter
• Patient Activity Report

Quality Improvement

• Bone Disease
• CPM Report
• Fistula First
• MRC Treatment Goals
• QI Information

Patient Information in E-mail

CMS considers Internet e-mail to be an unsafe medium for transmitting patient information. E-mail may not be used to send patient-specific information to Network 11. When sending e-mail to Network 11 personnel, please do not include patient Names, SSNs, Medicare numbers, Dates of Birth, or any other information which, taken as a whole, could allow an unauthorized reader to determine the identity of the patient.

Network 11 is required to report instances where we receive e-mail containing Protected Health Information (PHI) to the CMS Information Systems Security Officer. Medical facilities transmitting patient information to Network 11 should only use the following:

• Telephone
• Access-controlled fax machine (the fax cover page should not contain any patient-specific information)
• U. S. Mail (1)
• Traceable carrier (FedEx, UPS, etc.) (1)
• QualityNet Exchange (for VISION data)

Following are two excerpts from the CMS Security Policy document to which ESRD Networks must adhere (2):

Section 3.2.2.
Data Storage and Transmission
Sending sensitive PII/PHI or Medicare data via e-mail is prohibited, even if the e-mail file is password protected or encrypted.

Section 3.2.2.5.
Sensitive Data
If you receive an e-mail message that discloses personal, sensitive, privacy data, PII/PHI, or Medicare information without explicit permission from CMS/QualityNet, you MUST immediately report this finding to your supervisor and Security Point of Contact (SPOC). They will call the QualityNet Help Desk to initiate the report [to the Information Systems Security Officer].

Notes

1. ESRD Networks must send electronic media containing PII/PHI via certified, signature required, U. S. Mail only. At this time we are not aware of a similar requirement on medical facilities. Mention of specific carriers does not imply an endorsement by Network 11.
2. The requirements detailed on this page apply to ESRD Networks. Medical facilities should consult their own HIPAA compliance experts.