November 12, 2015 Aspida Mail, HIPAA
It’s not uncommon to turn on the morning news and hear about another company whose information has been compromised. We are living, and working, in a cyber-world and cyber-crime exists as a fact of life for those of us who use computers.
With most of our businesses operating on a network infrastructure relying on access to the Internet, additional steps and practices need to be implemented in order to protect yourself and your patients.
One of these vulnerabilities to address is email. Email is convenient. We can receive messages on our computers, mobile devices, tablets, and respond at our leisure. Due in part to its ease, it is a preferred form of communication for many people. With this ease come inherent risks.
An email is comparable to a postcard. Its contents are susceptible to being viewed by individuals other than the intended recipient. As a Covered Entity, you are responsible, by HIPAA law, for safeguarding your patient’s data.
Anytime electronic Protected Health Information (ePHI) is being sent in an email, HIPAA recommends implementing procedures to ensure secure transmission and storage. The easiest way to do this is to utilize an encrypted email system.
Ideally, look for a provider that offers the option to send regular vs. encrypted mail. For example, Aspida Mail, is triggered by a keyword, encrypt in the subject or body of an email. If that keyword is omitted, all emails flow as usual.
Additionally, if you are receiving ePHI to your email, verify you are implementing secure storage procedures. Typically, (free) Gmail, Aol & Yahoo Mail do not store securely.
Aspida Mail takes over your existing mail server – ensuring secure storage of all mail messages.
Additional tips:
Opening Emails
• Use a mail solution that has antivirus and a robust spam filter enabled.
• Inspect all email messages thoroughly, including the sender’s address.
• Do not open any email that looks suspicious. If you do not know the sender, treat it as suspicious email.
Sending Emails
• Confirm the email address with which you are sending information.
• Do not put any ePHI in the subject line of an encrypted email – this information is still transmitted through an unsecure environment.
By familiarizing yourself and your team about these email procedures, you’ve taken the first steps to protection. The next step would be to figure out what works best for your practice and come up with a plan for implementation. And don’t forget, documentation of all policies and procedures is key!