Waiver of responsibility for emailed PHI

["Mayne, Jim" <j.mayne () TCU EDU>]

A question for some of you that have experience with HIPAA and the HITECH rules. If a person, or in the case of a 
child, a legal guardian signs a waiver allowing PHI to be communicated with them through email and later that email is 
misrouted, intercepted or otherwise read by someone else, is that considered a breach? Is the school responsible for 
reporting that as a breach?

Thanks,
Jim

Jim Mayne
Information Security Services