This may have been addressed and I missed it. As a health plan/TPA:
Would this solution cover our legal risk for HIPAA:
An email encryption software that we install on each computer that the users HAVE to choose to encrypt when they feel necessary. If we give them the software solution, but they choose not to encrypt or they forget to encrypt and PHI still goes out unsecure, and there is no "smart server" in the background watching for PHI content to remedy when the users neglect to encrypt, are we compliant? Have we taken reasonable measures?
OR
Do we have to have a server that watches email content in addition to allowing the users to choose to encrypt, and when it sees PHI, it encrypts for them making their oversight a non-issue.
Thanks
Mike O'Gorman
HPS Paradigm
912-350-6710
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: archive@mail-archive.com
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
