Secure Email Server and HIPAA for Health Care Providers

Today, more and more people are shifting to email as a major form of communication. While email may be convenient and straightforward, it also raises questions for health care providers who want to contact patients by email. How can this be done without violating the legal requirements of HIPAA?

There are two parts of HIPAA that concern electronic communication: the Privacy Rule and the Security Rule.

The Privacy Rule's requirements can be satisfied by getting clear confirmation from the patient that he or she is aware of the risks of transmitting confidential material electronically, and is willing to communicate in this way. The US Department of Health and Human Services (HHS) HIPAA guidelines indicate that if a patient initiates contact with you through email, you may assume that he or she is willing to discuss confidential matters via email. However, it is always smarter and safer to ask permission anyway before sending anything confidential. And be sure to verify the patient's email address before you send.

While the Privacy Rule does not prevent health care providers from communicating with patients via email without encryption, it does require you to use common sense in determining the amount and nature of health information disclosed through unencrypted email. However, the Security Rule's requirements for transmitting electronic protected health information (e-PHI) are more stringent. Under the Security Rule, health care providers must enact specific policies to safeguard the access to, transmission of, and integrity of e-PHI. Examples of these policies include storing e-PHI on secure servers, limiting the number of personnel who can access e-PHI, and using strong encryption when e-PHI is transmitted.

Unfortunately, many so-called encrypted email programs, such as Gmail, do not satisfy HIPAA secure email requirements, because the email is only encrypted at the destination; it is not encrypted in transit, and can be read by anyone with enough access. Many hospitals and other large medical institutions use systems where a patient can log into a secure server and retrieve email, which avoids the problem of unsecured transmissions.

The best way to make sure that your patient email conforms to HIPAA standards is to consult a vendor with experience in designing encryption systems meant to deliver HIPAA secure email. Web encryption is a rapidly evolving field, but by investing in an encryption system now, you will be able to offer a valuable service to your patients, and begin preparing for future changes in communication methods.

Frank Thompson covers internet, email and business technology topics, from discussing internet security for companies to explaining the importance of HIPAA secure email when sending private information online.