David, just out of curiosity, how did you become a 'Certified HIPAA Chief Privacy Officer'? Does my Chief Privacy Official need to do the same? Thx - b
Bill Bernath Blue Cross Blue Shield of North Carolina Privacy Office (919) 765-7006 [EMAIL PROTECTED] >>> <[EMAIL PROTECTED]> 04/29/02 03:17PM >>> Traditional email systems, are very difficult to make secure. They are subject to numerous potential hazards that affect security and privacy, and thus make them non-compliant. You will notice changing language in the terms and conditions of some "free" web-based email systems already - declaring their non-HIPAA compliance upfront. The problem with traditional email, is several fold I believe. First, there is the simple matter of transmission reliability. Emails are passed through a network of systems, some or all could retain copies of the email - can you get Trusted Party Agreements with each? No way - you NEVER know what systems touch your emails. Emails are also not always received. Other than requesting a "Read Receipt", there is no way to know with a traditional email what ultimately happens to it - take a look at the transmission header info of a few of your own emails and you will begin to see the problem. Security is a big problem in traditional emails. You can use "Certificates" or even PGP encrypt them, this may secure the contents, but you still have the network Trust problems. There is however, a solution for this. There is one company who has developed a new product/service/technology for a full "trusted" email network, with a secure reliable client and server. It appears fully ready to go and solid. The company is LOK technology (www.loktech.com). Their system inherently appears compliant (good enough for the CIA & NSA, former directors of both agencies are on their boards). In addition, they have a secure file transmission service called LOKvault that would replace the traditional FTP approach so many use. While, my company does not yet use it for our clients, I have evaluated it and I am strongly pushing its adoption as the standard for all our compliance implementations. One less issue to worry about. I would strongly encourage all to look at their website for more info. Regards, Dr. Tim McGuinness, Ph.D. Sr. Compliance Specialist & Solutions Architect Certified HIPAA Chief Privacy Officer DynTek Inc. www.dyntek.com -----Original Message----- From: David Frenkel [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 1:41 PM To: [EMAIL PROTECTED] Subject: RE: Transmitting Patient Information via Internet (Email) Danae, I have never seen it discussed but it would be interesting to hear people' s responses about requesting verification of an email before PHI sent. For example we are sending information about John Doe, is this facility expecting/requesting information about this person (very high level). There have been a number of high profile cases and we all do it, send emails to the wrong person. Encrypting your emails verifies the data will get to its destination unread but it may be the wrong information. I realize there are no easy answers and my suggestion is full of holes. Regards, David Frenkel Business Development GEFEG USA Global Leader in Ecommerce Tools www.gefeg.com 425-260-5030 -----Original Message----- From: dslowik [mailto:[EMAIL PROTECTED]] Sent: Monday, April 29, 2002 10:14 AM To: [EMAIL PROTECTED] Subject: FW: Transmitting Patient Information via Internet (Email) What is the standard regarding the transmittal of PHI via email to other providers etc? If the safeguards are in place (encryption, passwords, confidentiality statements, etc), are facilities encouraging or allowing this? Any feedback on this would be helpful. Thank you. Danae Slowik Director of Admissions Alaska Children's Services [EMAIL PROTECTED] ph: (907) 346-2101 ext 200 cell: (907) 301-5824 web: www.acs.ak.org ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=ivacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=ivacy and enter your email address. ML> ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address.
