Carolyn,

That's not wholly accurate.  WinZip password-protected files ARE
encrypted, using WinZip's proprietary Zip 2.0 encryption algorithm.  So,
such a technical security mechanism would conform to the letter of the
rule that mandates all web-transmissions of PHI be encrypted.  However,
it is a recognized WEAK encryption system, and it would be extremely
difficult to make the case to an enforcement body that employing such a
mechanism represents a reasonable application of security controls.

andrew

>>> "Price, Carolyn" <[EMAIL PROTECTED]> 09/30/02 04:29pm >>>
HIPAA mandates that all transactions sent via the web be encrypted. 
Since
the example you give is NOT encrypted, it is not allowed at all.
Carolyn Price

-----Original Message-----
From: Fify Taslim [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 11:40 AM
To: '[EMAIL PROTECTED]'; 'business@wed <mailto:'business@wed[i.org'>
[i.org';
'[EMAIL PROTECTED]'
Subject: Winzip & password and e-mail





Hello all, 

Thank you in advance for all your valuable the responds. 
I have Privacy issue question today. Is this scenario still HIPAA compliant
or not allowed at all?  Scenario: sending daily file containing member PHI
through e-mail. The file are zipped [Winzip]and password protected, and
no
encryption were done. 

Any suggestion/recommendation to HIPAA compliance are welcome. 

Regards, 

Fify Taslim, MD, MBA 

Care1st Health Plan 
Compliance Specialist/HIPAA Coordinator 
Ph. (626) 299-4299 ex.376 
Fx. (626) 628-3263 
E-mail: [EMAIL PROTECTED] 


To be removed from this list, go to:
http://snip.wedi.org/unsubscribe.cfm?list=Security 
and enter your email address. 



The WEDI SNIP listserv to which you are subscribed is not moderated.
The 
discussions on this listserv therefore represent the views of the
individual

participants, and do not necessarily represent the views of the WEDI
Board
of 
Directors nor WEDI SNIP. If you wish to receive an official opinion, post 
your question to the WEDI SNIP Issues Database at 
http://snip.wedi.org/tracking/. 
Posting of advertisements or other commercial use of this listserv is 
specifically prohibited. 



To be removed from this list, go to:
http://snip.wedi.org/unsubscribe.cfm?list=Security
and enter your email address.

<P>The WEDI SNIP listserv to which you are subscribed is not
moderated.  The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI
Board of
Directors nor WEDI SNIP.  If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.
Posting of advertisements or other commercial use of this listserv is
specifically prohibited.

To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=Security
and enter your email address.

<P>The WEDI SNIP listserv to which you are subscribed is not moderated.  The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP.  If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.
Posting of advertisements or other commercial use of this listserv is
specifically prohibited.

Reply via email to