Solved

Is my email HIPAA compliant?

Posted on 2014-04-08
Last Modified: 2014-04-15
Hi experts,

I have Yahoo Plus email set up in Outlook and I use it to email patient forms/information. Is this HIPAA compliant?
Question by:frankbustos
 
LVL 14

Accepted Solution

by:
Michael Dyer earned 500 total points
ID: 39987248
Email in general is not secure. There is really no way to know that the person receiving the email you sent is who you intended. This is especially so in companies whose messaging system is controlled through an IT department.

Often companies have an email policy in place informing employees that they should expect no privacy as it relates to using the company’s email or Internet systems. So, those people handling sensitive information, including discussing diagnoses and treatments for patients, need to be aware that general email has no guarantee of privacy.

Generally HIPAA requires three things when it comes to email:

Strong security:

According to Section 164.314(a) of HIPAA, it is the responsibility of the health care provider to ensure that everyone involved in handling such confidential and personally-identifying information complies with the safeguards established by the HIPAA laws. Most providers meet this requirement by adding extra security around email like secure email, scanning outbound emails for sensitive data, and having a good handle on who is allowed to access email.  One way you can do this is to zip up documents with a password and then verbally provide the password to your client.

Consent:
The HIPAA Omnibus Final Rule released March 18, 2013 states that clients are allowed to authorize communications via email, but to do so the client must be informed of the risks relating to sending protected health information via email before they sign the authorization. Most firms have a consent form that clients must fill out before email can be used.  You should have this included with your standard forms your client signs consenting to receiving medical information via email.

Business Associate Agreement:
Many health care providers use a third party (like Gmail, Microsoft, or their IT company) for email. In your case, you are using Yahoo Plus.  These firms are referred to by HIPAA as “Business Associates.” These Business Associates are required to sign an agreement that states they will protect a patient’s confidential information with the same high standards required of the health care provider.  Yahoo does not sign BAA agreements regarding email.  

So, sending any protected health information via email with Yahoo Plus would be a HIPAA violation unless it is attached to the email in an encrypted, password-protected file.
 

Author Comment

by:frankbustos
ID: 39987285
Thanks Michael for the details. So, what step/solution do you recommend I go with?
 
LVL 14

Expert Comment

by:Michael Dyer
ID: 39987342
Well, your cheapest option is to use a program like WinRAR (http://www.rarlab.com/) to create zipped files with encryption and then email the encrypted file as an attachment and provide the password to your client verbally. The other option is to use a different email service that is HIPAA compliant, but typically you have to pay a monthly service fee for those.

HIPAA does permit faxing of patient information with the patient's consent so you could also consider just using a fax machine instead of sending email.
 

Author Closing Comment

by:frankbustos
ID: 40002270
thanks!