Transmitting PHI over email is the fastest and most convenient way of moving information between parties. Doing so without paying attention to HIPAA, however, can end up being inconvenient and costly for any entity subject to it.
Most of the pertinent rules fall under the Privacy and Security Rules, whose administrative safeguard provisions require that adequate safeguards be put in place to protect email and any other medium that carries PHI. These requirements are largely an extension of what most organizations would consider good email practice anyway. Keeping messages confidential, checking recipient addresses before sending, securing the email infrastructure, and protecting the servers and storage that hold mail are general IT concerns in any industry, not just healthcare.
The main difference is that most organizations adhere to these steps voluntarily, for their own benefit. An entity subject to HIPAA has to comply, or pay the price. Under the original statute, civil penalties for unintentional violations were capped at $25,000 per calendar year for violations of an identical requirement. If a knowing or wrongful disclosure is proven, the penalties become criminal: fines rise to as much as $250,000, with the possibility of imprisonment.
As email is the de facto standard for transmitting information today, organizations need to ensure they have these measures in place to protect PHI and, perhaps more importantly, to protect their staff and themselves.
Creating a system that complies with HIPAA may seem a daunting prospect, but a coherent, secure email system benefits the organization at large, not just the parts of it that handle PHI.