security rule Archives - LuxSci

Posts Tagged ‘security rule’

Can You Send ePHI in Insecure Emails and Texts with Mutual Consent?

Tuesday, April 27th, 2021

Email and text messaging are among the most common forms of business communication. However, if you are sending ePHI, regular texts and emails are off limits! If you are subject to HIPAA regulations, you will need mutual consent from your patients before sending ePHI insecurely via these methods.

This may seem frustrating because text and email are easy and switching to a secure service can feel like a lot of work. However, when ePHI is mishandled it can have significant repercussions. Personal information can be stolen, made public, and even used in fraud.

Text messaging and normal email carry significant risks to ePHI, because they aren’t designed to be secure. While it is best to only send ePHI over secure services, there may be instances where the patient wants to communicate over these insecure methods. Because of the risks, your organization needs signed mutual consent waivers to proceed with insecure communication.

Does HIPAA Allow Mutual Consent?


Patient Privacy Issues with Unencrypted Email

Monday, August 28th, 2017

We have scoured the internet for real-life examples of emails in medical scenarios to convince our readers of our points in past posts about the perils and pitfalls of using unencrypted emails for communications. Email is one of the oldest (some even refer to it as “legacy”) tools in our always-connected, digital world. However, its use between patients and their medical providers and between doctors and their business associates can be fraught with issues that may violate the Health Insurance Portability and Accountability Act (HIPAA) provisions.

The HIPAA privacy rules require covered entities and their business associates to protect patients’ health information from unauthorized disclosure. The HIPAA security rules do not mandate specific technologies or prohibit others. In fact, HIPAA:

“…allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so.”

An imperfect understanding of patients’ privacy concerns, lack of proficiency in using computers or access to them, and misguided policies on usage play a part in HIPAA privacy breaches. The consequences of such breaches can be quite burdensome for the medical provider.

HIPAA-compliant email

Medical providers often forget (or might even be unaware of) “reasonable safeguards” that can easily be implemented to prevent emails from leaking information that patients might consider as compromising their privacy. By analyzing real-life examples of how email is used (well, actually misused) in practice, we hope this post can convince you to adopt reasonable safeguards that make email a valuable and efficient part of your workflow while conforming to HIPAA.
