Doug,
You make a tremendous point. The reasonable safeguards (administrative,
physical and technical) need to be implemented wherever the PHI resides.
Rather than trying to implement safeguards for every remote user, it is
much simpler to leverage the organization's existing infrastructure by
Carolyn,
Jonathan's question was about the need for encryption on a dial-up line. For detailed
discussions, he should see the Security listserv.
Generally, though, a direct dial-in connection to a receiver's system (not via the
Internet) would be considered an acceptable risk if you trust the
Jonathan,
The Privacy Rule does not specify any particular security method for transmitting PHI, whether for email, dial-up, or other transmission type. The Rule requires appropriate technical safeguards to protect the privacy of PHI. Your organization should examine the level of risk in any
Does anyone have some good examples of non-routine and non-recurring disclosures?
I have included marketing as a non-routine and non-recurring for a
policy example but was hopeful someone had some additional examples.
Thanks!
Greg Bard
NASCO
HIPAA Privacy and Security Project