Alert: New HIPAA Rules Could Affect Your Organization's Email System
On April 21, 2005, a new Health Insurance Portability and Accountability Act (HIPAA) security rule went into effect. The requirements of this rule, which are basically information security best practices, focus on the three cornerstones of a solid information security infrastructure: confidentiality, integrity and availability of information.
The HIPAA regulatory requirements encompass transmission, storage and discoverability of Protected Health Information (PHI). Given the widespread use and mission-critical nature of email, enforcement of HIPAA encryption policies and the growing demand for secure email solutions, email security has never been more important to the healthcare industry than it is right now.
Although many assume it applies only to health care providers, HIPAA affects nearly all companies that regularly transmit or store employee health insurance information. HIPAA was signed into law in 1996 by former President Bill Clinton, with the intent of protecting employee health and insurance information when workers changed or lost their jobs. As Internet use became more widespread in the mid-to-late 1990s, HIPAA requirements overlapped with the digital revolution and offered direction to organizations needing to exchange healthcare information.
HIPAA in the Workplace
Collaboration between employers and healthcare professionals has grown increasingly digital, and email has played an ever-increasing role in this communication. However, email’s increased importance can lead to severe consequences without proper security and privacy measures implemented.
In addition to the usual concerns about privacy and security of email correspondence, even organizations that are not in the healthcare industry must now consider the regulatory compliance requirements associated with HIPAA. The Administrative Simplification section of HIPAA, which, among other things, mandates privacy and security of Protected Health Information (PHI), has sparked concern about how email containing PHI should be treated in the corporate setting. HIPAA, as it relates to email security, is an enforcement of otherwise well-known best practices that include:
* Ensuring that email messages containing PHI are kept secure when transmitted over an unprotected link
* Ensuring that email systems and users are properly authenticated so that PHI does not get into the wrong hands
* Protecting email servers and message stores where PHI may exist
Organizations regulated by HIPAA must comply and put these practices in place. However, the need to comply with regulations puts particular pressure on the healthcare industry to enhance their use of technology and “catch up” with other industries of similar size and scope.
Privacy and Email Security
The privacy protection provisions in HIPAA pose a major compliance challenge for the healthcare industry. These provisions are intended to protect patients from disclosure of any of their individually identifiable health information. Organizations that fail to protect this information face fines ranging from $10,000 to $25,000 for each instance of unauthorized disclosure. If the disclosure is found to be intentional, HIPAA provides for fines ranging from $100,000 to $250,000 and possible jail time for individuals involved in the violations.
The clock is ticking – it’s time to get started
Bringing an enterprise into compliance with the rules set by HIPAA can seem like a very daunting task to even the most experienced executives. Nonetheless, the growing dependence on email as a mission-critical application requires that your organization implement comprehensive security and privacy policies – and soon. A solid combination of security policies and the technologies to enforce those policies can ensure improved security as well as HIPAA readiness and ongoing adherence.
About the author:
Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security solutions. Learn how to make your email system comply with HIPAA regulations by visiting www.ciphertrust.com
Other Related Articles
Olga Brunner to Present Entrepreneurial Options for FAU Health Administration Students
According to Olga Bruner, founder of A Good Daughter, Inc., based in Margate, Florida (www.agooddaughter.com), “I attended my first caregiver conference in 2001 while I was caregiver to my own mom. I never realized that there was such a large community of support, and resources available from local...
Questions to Ask Mental Health Experts
If you or someone you love visits a therapist, there are
questions you need to ask to avoid problems. Some therapists are
more advanced than others are, and after 24 of walking in and
out the door of mental health offices, I can tell you that some
are not qualified to diagnose anything that is...
Inadequate Sex Awareness Poses Adolescent Health Risk
It is not uncommon, in a country like Bangladesh, that conversation about sexual issue remains a taboo. It is high time, that such taboo should be unshackled. Else, the ticking time bomb of HIV/AIDS could peter out risking 23percent adolescents of 130 million adolescents population of...
Olga Brunner to Present Entrepreneurial Options for FAU Health Administration Students
According to Olga Bruner, founder of A Good Daughter, Inc., based in Margate, Florida (www.agooddaughter.com), “I attended my first caregiver conference in 2001 while I was caregiver to my own mom. I never realized that there was such a large community of support, and resources available from local...
Questions to Ask Mental Health Experts
If you or someone you love visits a therapist, there are questions you need to ask to avoid problems. Some therapists are more advanced than others are, and after 24 of walking in and out the door of mental health offices, I can tell you that some are not qualified to diagnose anything that is...
Inadequate Sex Awareness Poses Adolescent Health Risk
It is not uncommon, in a country like Bangladesh, that conversation about sexual issue remains a taboo. It is high time, that such taboo should be unshackled. Else, the ticking time bomb of HIV/AIDS could peter out risking 23percent adolescents of 130 million adolescents population of...