I'm also very interested in hearing how other entities are dealing with this, in lieu of the security rules being finalized. One policy I've been looking at/wrestling with for a long time now is the HCFA Internet Security Policy, issued November 1998 - this policy specifically says that in Section 4 -- "HCFA has prohibited the use of the Internet for the transmission of all HCFA Privacy Act-protected and other sensitive HCFA information by its components and Medicare/Medicaid partners, as well as other entities authorized to use this data. ............... (Section 5) It is permissible to use the Internet for transmission of HCFA Privacy Act-protected and/or other sensitive HCFA information, as long as an acceptable method of encryption is utilized to provide for confidentiality and integrity of this data, ......."

We are a Health Plan that only administers Medicaid, and we have a policy that states member information can be shared via email only internally to our own workforce because it isn't going through the internet. Our policy states we won't use the Internet to pass member information to our business associates because no one (that I've been able to find) has internet security good enough to meet this policy.

How are other entities that deal with Medicaid and Medicare member data using the internet now? Our business associates really want to use the Internet for all kinds of business processes.

Tomese Buthod
Director, Compliance/Projects
Passport Health Plan
502-585-7925
502-585-6060 (fax)

-----Original Message-----
From: Bill Bernath [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 08, 2002 4:33 PM
To: [EMAIL PROTECTED]
Subject: Securing E-mail

We've talked about our needs to provide reasonable protection for verbal, paper and electronic PHI content. Another critter we need to wrestle with is how do we handle at least two families of e-mail?

One set is that which is used in a legitimate exchange between ourselves and our business associates and providers. These audiences will likely have varied levels of security sophistication at their end.

The second group is the internal 'use' by the gossip hotline, where members of the workforce are sharing sensitive stuff with their pals, because they can.....

Other than having a strong personal accountability policy, has anyone considered other solutions?

Thx - b

Bill Bernath
Blue Cross Blue Shield of North Carolina
Privacy Office
(919) 765-7006
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>

**********************************************************************
To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy
and enter your email address.
