RE: digital PHI and snail mail
Title: Message Consider the following corollary: The Security Rule does not proscribe encryption for electronic transmissions of data. This is an addressable element that must be assessed by the covered entity. However, as long as the method of transmission is considered secure (or "good enough"), the covered entity could elect to not encrypt the data and document that decision as part of their assessment of Security compliance. Under the Privacy Rule, "conduits" such as USPS, UPS, and FedEx are not required to sign business associate agreements because they are considered "secure" conduits for the data they handle. This includes direct modem connections using POTS lines (Plain Old Telephone Service). Data sent via secure transmission methodology could be addressed in such a way that encryption is not required. Conduits are considered secure, therefore, the covered entity can decide that the data sent/received through conduits does not need to be encrypted. A covered entity may elect to encrypt data sent via conduit but must work with their business associates to make sure they can adequately handle decrypting the data. Comments?Thanks, Mike McKinlay McKesson Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message-From: Dave Weiler [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 1:42 PMTo: WEDI SNIP Privacy Workgroup ListSubject: digital PHI and snail mail Anyone have any information on how privacy/security regs affect digital PHI (on zip disk/CD/DVD) being sent via regular mail and/or UPS or FedEx. Does the data need to be encrypted? --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: digital PHI and snail mail
Diskettes, zip disks, CDs, DVDs are covered under 'Device and Media Controls.' Determine through risk assessment if you need to encrypt or not. Encryption is addressable. Personal opinion - non-encrypted through the mail is fairly risky (especially if sent regular mail, not express or priority). UPS/Fed-X probably a bit less risky. "Dave Weiler" <[EMAIL PROTECTED]> 03/04/2003 11:42 AM Please respond to "Dave Weiler" To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> cc: Subject: digital PHI and snail mail Anyone have any information on how privacy/security regs affect digital PHI (on zip disk/CD/DVD) being sent via regular mail and/or UPS or FedEx. Does the data need to be encrypted? --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: digital PHI and snail mail
Title: Message This is considered addressable. However, the use of the media you describe doesn't make a difference anymore. The definition of electronic media was ammended to cover what you describe. Jeff Jeff Kerber Director, HIPAA Compliance Texoma Healthcare System 903-416-5520 -Original Message-From: Dave Weiler [mailto:[EMAIL PROTECTED]Sent: Tuesday, March 04, 2003 1:42 PMTo: WEDI SNIP Privacy Workgroup ListSubject: digital PHI and snail mail Anyone have any information on how privacy/security regs affect digital PHI (on zip disk/CD/DVD) being sent via regular mail and/or UPS or FedEx. Does the data need to be encrypted?---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org "This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately and delete the material from any computer. Do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you."