We don't intercept that communication, we are a life insurance company who have records of peoples EPHI. The only way we'd ever see EPHI through outgoing mail is if someone were committing a violation anyway. HIPAA affects everyone, company wide. There is no special license for IT, we are just bound by HIPAA. We work at the company so we are going to see SSNs and EPHI in the course of our daily work anyway. The entire idea of anyone being mad that IT saw their info is ludicrous considering we are the ones that maintain the information systems that house the data. I mean, get real.