 New to HIPAA – E-mail encryption
Can someone point me in the direction of the general guidelines for e-mail encryption requirements such as inbound e-mail requirements with PHI?



Software/Hardware used:
Exchange 2003
ASKED: December 26, 2010  3:37 PM
UPDATED: December 28, 2010  9:53 pm

Answer Wiki:
Here's a good resource (from Yale's policies): http://www.yale.edu/ppdev/Procedures/hipaa/5123/5123PR1.pdf You'll want to focus your research around the term Protected Health Information or PHI.
Last Wiki Answer Submitted:  December 27, 2010  5:12 am  by  DrJosephKim   810 pts.
All Answer Wiki Contributors:  DrJosephKim   810 pts.


Discuss This Question:


 

You would also need to familiarize yourself with these HIPAA Security policies:

45 CFR Part 142, § 142.308 (c). “Technical security services to guard data integrity, confidentiality and availability.” These are processes that protect information and control individual access to information.
45 CFR Part 142, § 142.308 (d). “Technical security mechanisms.” These are controls that prevent unauthorized access to information that is transmitted across an internal network or across the public Internet.

Also there are key requirements for exchanging PHI over the Internet:

*Email attachments and forms must have encryption, authentication, and authorization controls to ensure their integrity

*Make sure your technology secures e-mails, and their attachments, without impacting an organization’s existing workflow, receiving or sending PHI

*Make sure HIPAA compliance protection based on specific terms, such as patient Social Security numbers, is applied

*Enables data to be protected and delivered by securing middleware Web servers, Mail Servers or Mail Clients. This protection includes the ability to track, audit, and expire messages or data in the email to ensure that patient information has been properly disclosed in accordance with existing corporate policies. Protection should be extended to e-mail even after it’s delivered to a recipient’s Inbox

*Recipients can view and reply to protected e-mail or webforms using a standard Web browser
