omnibus Archives - LuxSci

Posts Tagged ‘omnibus’

HIPAA Compliance Checklist

Tuesday, January 11th, 2022

This HIPAA compliance checklist was designed to help organizations understand their obligations under the law. The checklist items are not a complete list, just a starting point for your compliance program. HIPAA requires a yearly risk analysis to identify new vulnerabilities. Any business process change or new technology usage introduces new risk into an organization’s security program, so it’s important to review the standards regularly.


Can You Send ePHI in Insecure Emails and Texts with Mutual Consent?

Tuesday, April 27th, 2021

Email and text messaging are among the most common forms of business communication. However, if you are sending ePHI, regular texts and emails are off limits! If you are subject to HIPAA regulations, you will need mutual consent from your patients before sending ePHI insecurely via these methods.

This may seem frustrating because text and email are easy and switching to a secure service can feel like a lot of work. However, when ePHI is mishandled it can have significant repercussions. Personal information can be stolen, made public, and even used in fraud.

Text messaging and normal email carry significant risks to ePHI, because they aren’t designed to be secure. While it is best to only send ePHI over secure services, there may be instances where the patient wants to communicate over these insecure methods. Because of the risks, your organization needs signed mutual consent waivers to proceed with insecure communication.

Does HIPAA Allow Mutual Consent?


What exactly is ePHI? Who has to worry about it? Where can it be safely located?

Friday, September 15th, 2017

There is often a great deal of confusion and misinformation about what constitutes ePHI (electronic protected health information) and how to protect it under HIPAA requirements. Even once you understand ePHI and how it applies to you, the next question becomes, where is ePHI permitted? What is secure and what is not?

We will answer the “what is ePHI” question in general and the “where can I put it” question regarding web and email hosting and Secure Form processing at LuxSci.


Opt-In Email Encryption is Too Risky for HIPAA Compliance

Tuesday, July 11th, 2017

A majority of companies that offer email encryption for HIPAA compliance allow senders to “opt-in” to encryption on a message-by-message basis. If the sender “does nothing special” then the email will be sent in the normal/insecure manner of email. If the sender explicitly checks a box or types a keyword in the body or subject of the message, then it will be encrypted and HIPAA-compliant.

Opt-in encryption is desirable because it is “easy.” End users don’t want any extra work and don’t want encryption requirements to slow them down, especially if many of their messages do not contain PHI. It is “good for usability” and thus easy to sell.

However, with the inception of the HIPAA Omnibus rule, opt-in encryption is a very bad idea. Opt-in encryption imposes a large amount of risk on an organization, which grows exponentially with the size of the organization. Organizations are responsible for the mistakes and lapses of their employees. Accidentally sending unencrypted emails with PHI is an automatic breach with serious penalties.


What exactly does HIPAA say about Email Security?

Friday, August 30th, 2013

Performing daily business transactions through electronic technologies is accepted, reliable, and necessary across the nation’s healthcare sectors. Therefore, electronic communications and email have become a standard in the healthcare industry as a way to conduct business activities that commonly include:

  • Interacting with web-savvy patients;
  • Real-time authorizations for medical services;
  • Transcribing, accessing and storing health records;
  • Appointment scheduling;
  • Referring patients; and
  • Submitting claims to health plan payers for payment of the services provided.
