Important Reminder When Sending Information to CSC or DHHS

When addressing provider issues, it is very helpful to have specific claim information. Please remember to encrypt any Protected Health Information (PHI) about recipients that is emailed to CSC or DHHS. PHI includes name, recipient ID, date of birth, and other individually identifiable health information that could be used to identify a person. Note that screen shots from the secure Provider Portal and the Remittance Advice both often contain PHI.

(A provider’s name, address, and NPI are not considered PHI.)

If you need to email PHI, please encrypt and password-protect the information using file compression software such as WinZip. The password should be sent in a separate email.

When the NCTracks team needs to send an email containing PHI, it is typically done using ZixMail.  For more information about ZixMail, see the March 11, 2015, announcement.

For additional information about safeguarding PHI, see the U.S. Department of Health and Human Services website at http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/guidance.html#standard.