Title: Message
Consider the following corollary:
  1. The Security Rule does not proscribe encryption for electronic transmissions of data.  This is an addressable element that must be assessed by the covered entity.  However, as long as the method of transmission is considered secure (or "good enough"), the covered entity could elect to not encrypt the data and document that decision as part of their assessment of Security compliance.
  2. Under the Privacy Rule, "conduits" such as USPS, UPS, and FedEx are not required to sign business associate agreements because they are considered "secure" conduits for the data they handle.  This includes direct modem connections using POTS lines (Plain Old Telephone Service).
  3. Data sent via secure transmission methodology could be addressed in such a way that encryption is not required.  Conduits are considered secure, therefore, the covered entity can decide that the data sent/received through conduits does not need to be encrypted.
  4. A covered entity may elect to encrypt data sent via conduit but must work with their business associates to make sure they can adequately handle decrypting the data.
Comments?

Thanks,
Mike McKinlay
McKesson

Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

 

-----Original Message-----
From: Dave Weiler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 1:42 PM
To: WEDI SNIP Privacy Workgroup List
Subject: digital PHI and snail mail

Anyone have any information on how privacy/security regs affect digital PHI (on zip disk/CD/DVD) being sent via regular mail and/or UPS or FedEx.

Does the data need to be encrypted?

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

Reply via email to