Posts Tagged ‘hipaa compliant’
Tuesday, July 31st, 2018
HIPAA’s encryption requirements fall in a grey area. This is mainly due to two reasons:
- encryption is required when ‘deemed appropriate’, which means email encryption is not absolutely necessary and ‘mutual consent’ can be used in place of encryption.
- there are a number of ‘addressable requirements’ pertaining to the technical safeguards as far as ePHI encryption is concerned
What exactly is mutual consent?
Mutual consent refers to a mutual understanding between doctor and patient that email containing ePHI can be sent to patients’ email account without encryption. Patients should communicate their approval in writing after being informed of the security risks and understanding that a secure option is available. You must additionally maintain all records of mutual consent.
Mutual consent does not waive off other HIPAA-related requirements. You must still use HIPAA-compliant systems, log and audit non-encryption choices, and back-up and archive all email communications sent insecurely, etc.
Encryption at rest is ‘addressable’
‘Addressable’ means that the safeguard should be implemented or an alternative to the safeguard that delivers the same results should be implemented. In the absence of both, you should document and justify why no action has been taken with regard to the safeguard.
Read the rest of this post »
Tags: encrypted email, hipaa, hipaa compliant, hipaa-compliant email
Posted in Email Marketing, LuxSci Library: HIPAA, LuxSci Library: Security and Privacy
No comments »
Tuesday, September 12th, 2017
Many organizations, especially in the healthcare industry, have an urgent need to send important and sensitive information, like protected health information (what constitutes PHI?), to organizations via FAX (facsimile).
Why? Because this is how it has always been done, and everyone is “set up” to be able to handle FAXes quickly and efficiently.
Go back in time 10-15 years. Every doctor’s office and small business had one or more FAX machines for sending documents and pictures back and forth. It was essential technology that became ingrained into business processes through constant, repetitive use. Everyone knows how to use a FAX machine, even the most technologically challenged staff member.
Fast forward to now:
- Fax Machines have changed. They are now all-in-one devices that scan, print, copy, send files to your computer, and more. The “FAX” ability is now just a minor extra feature.
- HIPAA has arrived and evolved. It used to be that sending patient (ePHI) data via FAX was the norm. Now, it is perilous to send such private data over regular FAX lines, as it is easy for that process to break down and violate HIPAA. E.g. see this $2.5 million dollar law suite resulting from 1 fax message.
- Everyone has a computer or tablet. Most doctors and staff members have access to email, a HIPAA-secured computer or tablet, and familiarity with how to use them … and have been trained on best practices via the required HIPAA security training that everyone has to have now-a-days.
- Paperless offices. Workplaces have or are evolving to become paperless — everything is stored electronically. Regular FAXes are often disdained in favor or email; when regular FAXes do arrive, they are often scanned to electronic files and then destroyed.
- Low resolution. Faxes are low-resolution. They are slow and they do not contain a great amount of detail. They are not great for sending anything graphical.
Read the rest of this post »
Tags: document, facsimile, fax, hipaa, hipaa compliant, hipaa fax, hipaa security, phi, phone, protected health information, Safeguards Principle, secure, secure fax
Posted in LuxSci Library: HIPAA, Popular Posts
3 Comments »
Tuesday, April 21st, 2015
Forms are pervasive on websites; the number of forms associated with medical websites is growing exponentially as everyone is scrambling toward digital transformation. The goal of a paperless office seeks to optimize time spent processing applications and managing patient data, speeding up the process of making appointments and getting referrals, meeting meaningful use, etc.
Web forms used in the medical industry generally have to be HIPAA-compliant, however, as they almost always involve the input and transfer of ePHI in one way or another. That presents a problem as the requirements for a HIPAA-compliant website are complex and take knowledgeable and experienced developers to implement and take extra time and money to get right — and you have to get things right where HIPAA is concerned.
So, this is where most people are:
- They have a website, which itself is likely not HIPAA-compliant yet
- They have some web forms already or maybe have some forms that they want to put up
- These forms will collect ePHI
- They need to set this up and have it be HIPAA-compliant and don’t want to spend a lot of money or time getting it going.
What they need is “HIPAA Form Processing.”
Read the rest of this post »
Tags: form, hipaa, hipaa compliant, hipaa form processing, pdf forms, secureform, web form
Posted in LuxSci Library: HIPAA, Secure Form
No comments »
Monday, February 3rd, 2014
When health care organizations review their operations to see where electronic protected health information (ePHI) is being saved, transmitted, and viewed, a great deal of time is spent on the obvious candidates: email, chat, stored files, and health records, etc.
Many overlook the fact that ePHI can be embedded in Contacts, Calendars, and Tasks. Consider for example:
Read the rest of this post »
Tags: address books, android, blackberry, calendar, contacts, doctor, health care, hipaa, hipaa compliant, ipad, iphone, medical, mobile sync, nurse, synchronization, tasks, webaides
Posted in Business Solutions, Collaboration
No comments »
Wednesday, April 3rd, 2013
While use of mobile devices and tablets in medical situations is pervasive; HIPAA compliant synchronization and storage of such information is often seriously lacking. Everyone knows email can contain ePHI, but calendar appointments, address books, and task lists can and do contain just as much ePHI and their secure use must be strictly enforced.
LuxSci’s WebAide collaboration tools, combined with MobileSync for real-time synchronization with mobile phone and tablets (and Outlook 2013), provide a simple and effective HIPAA compliant solution for synchronized mobile accessible calendars, contacts and reminders or tasks (oh ya, and email).
Read the rest of this post »
Tags: acrivesync, address book, android, calendar, contacts, exchange, hipaa, hipaa compliant, ical, iphone, outlook, tasks, webaide
Posted in LuxSci Library: HIPAA, Mobile
No comments »