November 12, 2015 Aspida Mail, HIPAA
Let’s picture a postcard. This mode of communication is perfect for documenting your latest trip laden with landmark pictures on the front and a simple “Wish you were here” written on the back. Anyone can flip over the postcard, read your sentiments. You’d never write anything too personal knowing this postcard can be an open book. No need to safeguard this innocent letter.
We are a professional cheap jerseys online store which is supplying you with the best NBA jerseys at cheap prices for all the seasons!
Now imagine if it has your social security number written on the back under your name. Not so innocent anymore! This is exactly what an email is. A regular email is open for anyone to view while in transit to its recipient. Now imagine a letter, duct taped and carried by an armored van to the recipient. This is an encrypted email.
As a Covered Entity, you are responsible, by HIPAA laws, for safeguarding your patient’s data.
Anytime electronic Protected Health Information (ePHI) is being sent in an email, HIPAA recommends implementing procedures to ensure secure transmission and storage. The easiest way to do this is to utilize an encrypted email system.
Ideally, look for a provider that offers the option to send regular vs. encrypted mail. For example with Aspida Mail it is triggered by a keyword, encrypt in the subject or body of an email. If that keyword is omitted, all emails flow as usual.
Additionally, if you are receiving ePHI to your email, verify you are implementing secure storage procedures. Typically, (free) Gmail, Aol & Yahoo Mail do not store securely.
Use a mail solution that has antivirus and a robust spam filter enabled.
Inspect all email messages thoroughly, including the senders address.
Do not open any email that looks suspicious. If you do not know the sender, treat it as suspicious email.
Confirm the email address with which you are sending information.
Do not put any ePHI in the subject line of an encrypted email – this information is still transmitted through an unsecure environment.
By familiarizing yourself and your team about these email procedures, you’ve taken the first steps to protection. The next step would be to figure out what works best for your practice and come up with a plan for implementation. And don’t forget, documentation of all policies and procedures is key!