

#HIPAA SECURE EMAIL SOLUTIONS SERIES#
Part one of a two-part series on HIPAA and email.

Email has been widely used by both businesses and the general public for much of the last thirty years, and reliance on it has found its way into the daily lives of millions. In fact, email has been around so long that its use has become passé for some people. This may be due to a quest for newer methods of communication or because email has become as odious as unwanted mail from the post office. In any case, it’s not going away anytime soon, especially for communications between individuals and health care providers. Many providers use email to communicate with patients where protected health information (PHI) may be exchanged. These folks should consider the HIPAA compliance requirements to protect PHI from unauthorized disclosure. Although it is unlikely, there is a possibility that information included in an email can be intercepted and read by other parties besides the person to whom it is addressed. It bears repeating that the Internet, and things like an email sent over the Internet, is not secure. What is increasingly common is that a patient’s email address has been entered into a record with errors. So, the email doesn’t get to the patient but does go to someone else who actually has the incorrect email address. This means the first rule of avoiding unauthorized disclosure of PHI is to get the email address right!

HIPAA and email can coexist … it’s a matter of understanding the rules

Many people are looking for specifics on HIPAA-compliant emails. What do the Privacy and Security rules allow – or prohibit – when it comes to HIPAA and email? HIPAA-compliant email is discussed in the HIPAA FAQ pages. But like much of HIPAA, people in covered entities start with the premise they are to protect PHI. But they should be using reason to think about how they are protecting PHI. Under many HIPAA regulations, the standards call for reasonable safeguards, reasonable approaches, reasonable policies, etc. But what is considered reasonable? The Office of Civil Rights (OCR) of the Department of Health and Human Services includes several statements on its HIPAA FAQs page. Notably …

“The Privacy Rule allows covered health care providers to communicate electronically, such as through email, with their patients, provided they apply reasonable safeguards when doing so. For example, certain precautions may need to be taken when using email to avoid unintentional disclosures, such as checking the email address for accuracy before sending, or sending an email alert to the patient for address confirmation prior to sending the message.”

What if a patient initiates communications with a provider using email? The OCR says: “Patients may initiate communications with a provider using email. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that email communications are acceptable to the individual. If the provider feels the patient may not be aware of the possible risks of using unencrypted email or has concerns about potential liability, the provider can alert the patient of those risks and let the patient decide whether to continue email communications.”

Must providers consent to the use of email for communications with patients? Note that an individual has the right under the Privacy Rule to request and have a covered health care provider communicate with him or her by alternative means or at alternative locations, if reasonable. For example, a health care provider should accommodate an individual’s request to receive appointment reminders via email rather than on a postcard, if email is a reasonable alternative means for that provider to communicate with the patient. By the same token, however, if the use of unencrypted email is unacceptable to a patient who requests confidential communications, other means of communicating with the patient, such as by more secure electronic methods or by mail or telephone, should be offered and accommodated.

The OCR also interprets the HIPAA Security Rule to apply to email communications. “The Security Rule does not expressly prohibit the use of email for sending e-PHI. However, the standards for access control (45 CFR § 164.312(a)), integrity (45 CFR § 164.312(c)(1)), and transmission security (45 CFR § 164.312(e)(1)) require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to e-PHI. The standard for transmission security (§ 164.312(e)) also includes addressable specifications for integrity controls and encryption.”
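The OCR precaution quoted above (check the address for accuracy, and send a PHI-free confirmation message before anything sensitive goes out) can be enforced in software rather than left to habit. The following is an added illustration written for this page; it is not code from the article or from any HIPAA guidance. The address, message bodies and in-memory outbox are constructed stand-ins for a real patient record and mail transport, and the class and function names are my own.

```python
"""Address-confirmation gate for patient email (added illustration).

Implements the OCR precaution: a message containing PHI may only be sent to an
address the patient has confirmed as theirs, and the confirmation message itself
carries no PHI, so a mistyped address leaks nothing. The 'outbox' list is a
stand-in for a real mail transport; all addresses and bodies are constructed.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


def is_plausible_address(address: str) -> bool:
    """Cheap syntactic check to catch obviously mis-entered addresses early."""
    if address.count("@") != 1 or any(ch.isspace() for ch in address):
        return False
    local, domain = address.split("@")
    return bool(local) and "." in domain and not domain.startswith(".")


@dataclass
class PendingConfirmation:
    token: str
    expires_at: float


@dataclass
class AddressRegistry:
    """Tracks which patient addresses have been confirmed by the patient."""
    ttl_seconds: int = 24 * 3600
    confirmed: Set[str] = field(default_factory=set)
    pending: Dict[str, PendingConfirmation] = field(default_factory=dict)
    outbox: List[Tuple[str, str]] = field(default_factory=list)  # transport stand-in

    def request_confirmation(self, address: str, now: Optional[float] = None) -> str:
        """Send a PHI-free confirmation message to the address on record.

        Returns the token so the caller (or a test) can simulate the patient
        echoing it back; a real deployment would only embed it in the message.
        """
        if not is_plausible_address(address):
            raise ValueError("address on record is malformed: fix the record first")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.pending[address] = PendingConfirmation(token, now + self.ttl_seconds)
        # Body deliberately contains no patient information.
        self.outbox.append((address, f"Please confirm this address: token={token}"))
        return token

    def confirm(self, address: str, token: str, now: Optional[float] = None) -> bool:
        """Mark the address confirmed if the token matches and has not expired."""
        now = time.time() if now is None else now
        entry = self.pending.get(address)
        if entry is None or now > entry.expires_at:
            return False
        if not hmac.compare_digest(entry.token, token):  # constant-time compare
            return False
        del self.pending[address]
        self.confirmed.add(address)
        return True

    def send_phi(self, address: str, body: str) -> bool:
        """Send a message containing PHI only to a confirmed address."""
        if address not in self.confirmed:
            # Refusing here is the control: nothing with PHI leaves for an
            # address the patient has not confirmed as theirs.
            return False
        self.outbox.append((address, body))
        return True


def demo() -> dict:
    """Walk the flow with constructed sample data and report each outcome."""
    reg = AddressRegistry()
    addr = "patient@example.com"  # constructed sample address
    phi = "Your lab results are ready."  # constructed sample PHI message
    blocked_before = reg.send_phi(addr, phi)            # refused: unconfirmed
    token = reg.request_confirmation(addr, now=1000.0)  # PHI-free message sent
    wrong = reg.confirm(addr, "not-the-token", now=1001.0)  # rejected
    ok = reg.confirm(addr, token, now=1001.0)           # patient echoed token
    sent_after = reg.send_phi(addr, phi)                # now allowed
    return {"blocked_before": blocked_before, "wrong_token": wrong,
            "confirmed": ok, "sent_after": sent_after, "outbox_len": len(reg.outbox)}


if __name__ == "__main__":
    print(demo())
```

The token has a lifetime (24 hours by default) so a stale confirmation link cannot be used long after the record was entered, and a malformed address on record is rejected before any message is generated, which is the "check the address for accuracy" half of the precaution.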
