" phi Archives - Page 6 of 7 - LuxSci

Posts Tagged ‘phi’

Opt-In Email Encryption is Too Risky for HIPAA Compliance

Tuesday, July 11th, 2017

A majority of companies that offer email encryption for HIPAA compliance allow senders to “opt-in” to encryption on a message-by-message basis. If the sender “does nothing special” then the email will be sent in the normal/insecure manner of email. If the sender explicitly checks a box or types a keyword in the body or subject of the message, then it will be encrypted and HIPAA-compliant.

Opt-in encryption is desirable because it is “easy.” End users don’t want any extra work and don’t want encryption requirements to slow them down, especially if many of their messages do not contain PHI. It is “good for usability” and thus easy to sell.

Cybersecurity opt-in email encryption

However, opt-in encryption is a very bad idea with the inception of the HIPAA Omnibus rule. Opt-in encryption imposes a large amount of risk on an organization, which grows exponentially with the size of the organization. Organizations are responsible for the mistakes and lapses of their employees. Accidentally sending unencrypted emails with PHI is an automatic breach with serious penalties.

Read the rest of this post »

Tags: email, encrypted email, hipaa, hipaa compliance, omnibus, omnibus rule, opt in, opt out, phi, reportable, secureline, unencrypted, usability
Posted in LuxSci Library: HIPAA
No comments »

How Is HIPAA-Compliant Email Different from Secure Email?

Wednesday, June 21st, 2017

Protected health information (PHI) is heavily regulated under HIPAA, but the exact details can be confusing. The regulations are designed to keep everyone’s private information safe, but they also put a significant amount of responsibility on businesses.

HIPAA regulations apply to just about every aspect of a person’s medical information, including their transit, storage and security. Because email is such an important and extensively-used form of communication, HIPAA regulations apply to it as well.

HIPAA-compliant email vs secure email

Some may think that secure and encrypted email is all you need to keep PHI safe and emails compliant. The reality is that HIPAA email regulations go above and beyond standard secure email. To protect your business, you need to make sure that your email provider is HIPAA-compliant, not just secure.

Read the rest of this post »

Tags: baa, hipaa, hipaa-compliant email, phi, secure email
Posted in LuxSci Library: HIPAA
1 Comment »

Is sharing my patient list with a marketing company OK under HIPAA?

Saturday, February 11th, 2017

We received this questions via Ask Erik from the head of a Dental Practice (who wished to remain anonymous):

“I want to create a Refer-a-Friend program, for a dental practice, that will be managed by a third party marketing agency.  The third party needs only my patient names and address to do an on-going e-mail campaign, no PHI will be given to the third party — just name and e-mail address.

Because I am ‘Marketing” to my own list, and I am NOT marketing any third party products, and I am not receiving any third party payment for anything:

* Am I in any HIPAA danger? (No PHI is ever exchanged, and I am NOT marketing anyone else’s product.)

* Because my PHI is de-identified from the associated names and e-mail addresses, is it OK for me to hand over my patient mail list to my marketing agency (being very careful of course to include NO PHI)?

* Does HIPAA specifically prevent me from marketing my own products to my patient list? I know that marketing other people’s products to my list will require prior consent. But, marketing my own Refer-a-Friend program… how is that a violation?

NOTE: PHI is defined as: “(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.”

So, is a mail list of my patients’ names and e-mail addresses considered to be PHI (if it contains no associated PHI as defined above)? The definition above would say NO. The definition above states that it is ONLY the health information about a patient — NOT the patient’s name and e-mail addresses themselves.

Also, on the mail list for the Refer-a-Friend marketing program, there will be names other than patients, probably about 5% are not patients. Does this influence the phi/non-phi question?

This is a very important distinction. Having clarity on this question could free up a lot of us to proceed with e-mail marketing.

If a mailing list, for a dentist, that contains 95% patients and 5% non-patients, and NO health information (just names and addresses)… is it considered PHI?”

Read the rest of this post »

Tags: hipaa, marketing, phi
Posted in LuxSci Library: HIPAA
No comments »

What exactly does HIPAA say about Email Security?

Friday, August 30th, 2013

Performing daily business transactions through electronic technologies is accepted, reliable, and necessary across the nation’s healthcare sectors. Therefore, electronic communications and email have become a standard in the healthcare industry as a way to conduct business activities that commonly include:

  • Interacting with web-savvy patients;
  • Real time authorizations for medical services;
  • Transcribing, accessing and storing health records;
  • Appointment scheduling;
  • Referring patients; and
  • Submitting claims to health plan payers for payment of the services provided.

Read the rest of this post »

Tags: access control, addressable, audit controls, authentication, covered entities, email security, email security rule, encryption, ePHI, Health Insurance Portability and Accountability Act, heathhealthcare, hipaa, hitech, integrity, omnibus, phi, privacy, protected health information
Posted in AAA Featured Articles, LuxSci Library: HIPAA
9 Comments »

How the HIPAA Omnibus Rule Affects Email, Web, FAX, and Skype

Monday, May 6th, 2013

We have written extensively in the past about the impact of HIPAA regulations on email services, web hosting, faxing, and Skype use.  The recent HIPAA changes reflected in the Omnibus rule have a significant impact on the use of these types of services.  Here, we examine the new and important considerations based upon the HIPAA Omnibus Rule.

Read the rest of this post »

Tags: email, fax, hipaa, omnibus, phi, skype, web
Posted in LuxSci Library: HIPAA
No comments »

« Older Entries
Newer Entries »