The Health Insurance Portability and Accountability Act (HIPAA) was updated in 2013 to include a new Security Rule requiring HIPAA compliant email for the safe transmission of protected health information (PHI). However, the law still has limitations, and it is important to remember that most email providers are not HIPAA compliant by default.
There are some simple measures that keep patient data secure. First, use a secure email provider. A secure provider encrypts messages on its servers and while they are in transit, not only at the point where a message arrives in your inbox.
Second, consider the privacy officer's role. They should have a way to detect and respond to breaches, and a way to manage risk analyses.
Third, the law does not require encryption. Some providers offer a Business Associate Agreement (BAA) that sets out how their servers will handle PHI. Generally, these BAAs cover only the server, but they are still important.
Fourth, the law requires you to make sure the service you choose meets the minimum standards of the HIPAA Security Rule. That includes encrypting emails so that only the intended recipient can read their content. Using a firewall is also a good idea.
Finally, the law requires you to make sure your staff are educated about email and the HIPAA requirements for communicating PHI electronically. You should also have a written office policy on the subject, particularly on the appropriate uses of employees' personal email accounts.