Thanks for the discussion guys. This has been recently brought up here where I work, and like Bob, we're not a medical entity, however, HR does use email to correspond with our health insurance provider. I've taken all the companies mentioned in this discussion and am passing it on to those in the decision making area so that they can see that we don't have to do an all or nothing approach. When it was mentioned to my boss, he was under the assumption that it was all or nothing and didn't pursue researching it.
I love this list, once again thanks to you all, I look like a genius guru...... On Wed, Jun 17, 2009 at 10:44 AM, paul chinnery <[email protected]> wrote: > Jeff, my sentiments exactly. We doing almost the exact same thing as you. > We do, however, sometimes send PHI as an attachment encrypted by PKzip or > Winzip (the p/w is given over the phone and not emailed). > The feds may get a lot more restrictive with the new HITECH initiative. And > just last year, they did their first HIPAA audit at a hospital that was not > generated by a complaint. > > ------------------------------ > Date: Tue, 16 Jun 2009 16:18:50 -0500 > Subject: Re: HIPPA help > From: [email protected] > To: [email protected] > > You need to be able to demonstrate(in writing) that you have thought about > how sensitive data is protected. Biggest part of work(and it is ongoing for > us) was/is to teach/convince our employees that patient data NOT be sent > using email to anyone outside our organization. We have yet to decide email > was the only or even preferred method of getting sensitive data to people > outside our buildings/network. Up to this point I believe that has saved > us a lot of money. I don't know how long we will be able to do things the > way we are, which is to say we use the fax machine a lot. Please don't > suggest that we are spending more money than we know on faxes, we do almost > ALL our business in this local market, so we aren't paying long distance > fees on those faxes. I do hate the faxing technology in general though. > > On Tue, Jun 16, 2009 at 4:03 PM, Bill Lambert <[email protected]>wrote: > > +2 > > Bill Lambert > Concuity > 847-941-9206 > > > -----Original Message----- > From: Erik Goldoff [mailto:[email protected]] > Sent: Tuesday, June 16, 2009 4:02 PM > To: NT System Admin Issues > Subject: RE: HIPPA help > > + 1 > HIPAA is a set of *recommendations* for the standard of security, but there > are few, if any granular, detail level requirements ... > > > > Erik Goldoff > IT Consultant > Systems, Networks, & Security > > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Tuesday, June 16, 2009 4:40 PM > To: NT System Admin Issues > Subject: Re: HIPPA help > > On Tue, Jun 16, 2009 at 3:40 PM, Bob Fronk <[email protected]> wrote: > > I am in the middle of a HIPPA compliance review. One of the > > consultants is suggesting that all our email be encrypted because it > > may contain HIPPA related information. > > HIPAA is a mess, and it's been a while for me, but as I recall, the > regulations generally don't require specific mechanisms like encryption for > particular tasks. You have to take steps to protect it. You don't have to > be crazy. > > Chances are they're just talking out of their rectum. Consultants do that > a lot. It's especially common when it comes to compliance; the consults go > for overkill "to be safe". > > Ask them to quote chapter and verse from an actual law or regulation. > When they can't, thank them for the suggestion and move on to the next > item. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > ------------------------------ > Insert movie times and more without leaving HotmailĀ®. See > how.<http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009> > > > > > > -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
