We have experienced several business associates (BAs) sending PHI through unencrypted e-mail. These events range from text in the body of the mail to spread sheets and PDF with volumes of PHI.
The information was sent to the appropriate recipient, but I am concerned that this puts PHI at risk since it was unencrypted. In the past we have use the “postcard” analogy to say all PHI needs to be encrypted when in transit.
Do others consider this a breach?