Every business owner in the country knows about HIPAA and HIPAA Encryption Compliance. HIPAA is a law introduced in the 1990s and updated in 2003 to cover the use and protection of protected medical information, or PHI. Although the legislation has been around for a while, a 2006 survey of healthcare providers found only half were completely compliant with the requirements of HIPAA.

With personal information being traded across the world for both legal and nefarious reasons, you need to protect your details as much as possible. You don't have to be a well-known figure, celebrity or top businessman to want to protect your information, company or otherwise.

Of course, if you run a company that has employees with medical insurance, or process or in any way deal with medical records or insurance, you have no choice but to protect yourself.

HIPAA encryption compliance specifies that any electronic correspondence that has PHI included in it must be encrypted. It also specifies that the correspondence should be securely archived, time-stamped, indexed, tamper-proof and available when requested.

Many hospitals, doctors and clinics consult by email. Medical records are also transmitted via email, as are insurance details. We do most of our business over the internet and email, medicine too. This can make people a little uncomfortable, knowing their information is out there somewhere floating around the ether. Even on a short trip, an email is copied at least a couple of times by each email server it transits. Someone with the access and ability could easily get that information and use it for their own gain, which is why HIPAA specifically mentions it.

HIPAA encryption compliance isn't voluntary, it's mandatory, and there are stiff penalties for transgression. There are two pertinent parts of HIPAA that relate to email encryption: the Privacy Rule and the Security Rule.

The Privacy Rule gives individuals the right to request that a covered entity correct any inaccurate PHI. It also requires covered entities to take reasonable steps to ensure the confidentiality of communications with individuals.

This Rule specifies that every effort must be taken to protect PHI when it's stored, used, viewed and transmitted. The use of email encryption is mandatory for any body that has access to or deals with PHI.

The Security Rule is very specific.

Covered Entities must maintain reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of their EPHI against any reasonably anticipated risks.

This includes the use of email encryption.

Fortunately, it isn't as difficult or as cumbersome as it used to be. There are now specific programs that sit alongside, or within, email clients and servers that encrypt email before it's sent. This automatic process allows companies to fully comply with HIPAA while not having to spend extra time administering it.

There is now no real excuse for a business that deals in PHI to not be fully compliant. The means are there, the cost has reduced, it just takes the will of business to adopt it.