" hipaa-compliant email Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘hipaa-compliant email’

Will Email Ever Be Truly Secure?

Tuesday, November 6th, 2018

Email gateways are a leading cause of security breaches. The optimistic view is that effective email security practices, firewalls, mobile device security, wireless security, endpoint security, web security, behavioral best practices, data loss prevention and network access control – among other solutions – can ensure foolproof security. The realistic view is that email – or anything for that matter – cannot be truly secure.

To err is human. Technology advancement is a boon and a bane: cyber attacks are more sophisticated than before. You can trust no one security solution, place your full trust on end-to-end encryption (currently the most secure way to communicate securely and privately online) or predict when someone will break into your device and access your email.

The road to HIPAA compliance is paved with many risks, possibilities and outcomes. Well-researched and thoughtful implementations are essential but there are many decisions to make and loose ends to tie up. Your ePHI protection, privacy and confidentiality practices may be excellent, but your employees may still mistakenly dispose of a fax machine or hard drive that contains retrievable PHI. Or some of your staff may fail to observe the policy of what needs to be encrypted and what does not.

will email ever be secure

 

And if you thought that email encryption, cryptographic protocols and even your computer system and CPU were protecting your data at all times, think again…

Read the rest of this post »

HIPAA-Compliant Email Checklist – 8 Things You Need to Know

Tuesday, August 14th, 2018

The Health Insurance Portability and Accountability Act (HIPAA) applies to protected health information (PHI). When stored or transmitted electronically, the HIPAA Security and Privacy Rules require covered entities to safeguard the integrity and confidentiality of electronic protected health information (ePHI). The most common way in which ePHI is shared is via email. No wonder then that HIPAA-compliant email security is a critical concern for healthcare organizations, with a majority preferring to outsource this item to knowledgeable providers.

HIPAA compliant email checklist

The HIPAA email security rule

The HIPAA Security Rule pertaining to email explicitly requires adequate protection for all patient data and does not endorse or prohibit the use of any specific technologies to ensure robust protection. The rule lays down four standards:

Read the rest of this post »

HIPAA Email: Does it Require Encryption?

Tuesday, July 31st, 2018

HIPAA’s encryption requirements fall in a grey area. This is mainly due to two reasons:

  • encryption is required when ‘deemed appropriate’, which means email encryption is not absolutely necessary and ‘mutual consent’ can be used in place of encryption.
  • there are a number of ‘addressable requirements’ pertaining to the technical safeguards as far as ePHI encryption is concerned

What exactly is mutual consent?

Mutual consent refers to a mutual understanding between doctor and patient that email containing ePHI can be sent to patients’ email account without encryption. Patients should communicate their approval in writing after being informed of the security risks and understanding that a secure option is available. You must additionally maintain all records of mutual consent.

HIPAA Email Encryption

Mutual consent does not waive off other HIPAA-related requirements. You must still use HIPAA complaint systems, log and audit non-encryption choices, and back-up and archive all email communications sent insecurely, etc.

Encryption at rest is ‘addressable’

‘Addressable’ means that the safeguard should be implemented or an alternative to the safeguard that delivers the same results should be implemented. In the absence of both, you should document and justify why no action has been taken with regard to the safeguard.

Read the rest of this post »

How Is HIPAA-Compliant Email Different from Secure Email?

Wednesday, June 21st, 2017

Protected health information (PHI) is heavily regulated under HIPAA, but the exact details can be confusing. The regulations are designed to keep everyone’s private information safe, but they also put a significant amount of responsibility on businesses.

HIPAA regulations apply to just about every aspect of a person’s medical information, including their transit, storage and security. Because email is such an important and extensively-used form of communication, HIPAA regulations apply to it as well.

HIPAA-compliant email vs secure email

Some may think that secure and encrypted email is all you need to keep PHI safe and emails compliant. The reality is that HIPAA email regulations go above and beyond standard secure email. To protect your business, you need to make sure that your email provider is HIPAA-compliant, not just secure.

Read the rest of this post »

Your Guide to HIPAA-Compliant Email

Thursday, July 21st, 2016

Questions surrounding HIPAA-compliant email and how to email safely are pervasive. As the healthcare sector becomes more technologically savvy, both patients and medical staff are becoming comfortable with conferring over email. Patients are looking to receive their health information quickly and directly to their email inboxes, which they can then access from anywhere. There’s also a huge time-saving benefit to emailing a physician to ask about a medication prescription refill, or to email a doctor’s office to inquire about an appointment. Likewise, staff rely on email systems amongst themselves to exchange patient information or to simply communicate. There are even some insurance companies that are recognizing and covering online consultations as “telemedicine.” It’s all a part of keeping healthcare more convenient and effective for everyone.

However, as convenient as email may be, it raises a number of red flags when it comes to HIPAA-compliance. Before you engage in healthcare-focused emails from patient to healthcare clinic or vice versa, find out how to ensure your email correspondence remains HIPAA-compliant.

HIPAA-compliant email

Read the rest of this post »

LUXSCI