Are Your E-Transmissions HIPAA Compliant?
If you haven't taken the time to evaluate your data, both the data that you actively send and the data at rest, you could be in violation of the new HIPAA rules. While the last HIPAA security rule, in its final ruling, does not mandate that you encrypt all of your e-mail transmissions, it does require that you examine how all of your data is transferred on an overall scale.
There are two key items that will help you evaluate how your data is transmitted. (1) integrity controls and
Integrity control sounds a little confusing, but it really just means proper access controls and login procedures, password restrictions and other user authorizations, which are the basics of most companies' e-mail policies. Integrity control is also a policy approach to e-mail security; that is, making sure your staff members know what e-mail procedures are permitted within your organization. It's important to keep in mind that your organization may not need to encrypt e-mail, but it's a good security measure if you do.
A good strategy to adopt for provider-to-patient e-mail messaging is to encrypt all data. After giving the patient cautionary information about e-mail security, the provider must obtain a signed patient authorization to permit e-mail communications. Keep this in the patient's file and you will have no questions about whether or not the patient authorized e-mail communications in case a problem or question arises in the future.
Here are some good questions to ask yourself when assessing your data transfer security:
#1 How critical is the information being transmitted?
#2 What is the completeness of the information? That is, is this a complete medical record or is this just a snippet of information?
#3 How many individuals might be represented in the information? In other words, information about one person would have a different weight than information about a group of people.
#4 What is the level of the network's security? That's where you start to consider whether it's a local network or the Internet.
If you cannot answer all of these questions about your data transmission, it is likely that you will need to encrypt to ensure the integrity of your data and stay compliant with HIPAA.