Email has long been used as a primary communication tool in most businesses around the globe. It provides a fast, easy and convenient method to transmit information anywhere in the world in a matter of seconds. It’s that same convenience though that has opened the door to hackers and thieves looking to steal identities.
Transmitting PHI (Protected Health Information) of any kind via a regular email account is a violation of the HITECH Act which calls for PHI to be rendered unreadable and unusable. New legislation has increased the possible fines from $25,000 up to $1.5 Million.
More federal money is being directed towards enforcement as well so we expect to see an increase in the number of lawsuits filed in the coming years such as the one being contemplated by this Pennsylvania woman:
http://thedailyreview.com/news/patient-contacts-lawyer-after-protected-health-information-compromised-1.1083367
For more details on email and the HITECH Act please read this article:
http://www.zixcorp.com/documents/case-studies/thecaseforencryption-hipaa-web.pdf
(*WEBIT Services sells and supports the ZIX email encryption service)
Now is the time to take a very close look at the way email (and all forms of communication) is used in your practice. Physicians and Staff members should be informed that PHI should never be sent via any non-secure method, especially email. A written e-policy should be distributed to all employees along with an acknowledgement form which should be signed and kept on file with your other HIPAA related documentation. If you use email and don’t have a secure HIPAA compliant email service, get one ASAP to protect your practice.
If you’d like a FREE no obligation assessment of your current email system, please contact our office at 630-870-1088 x 305 and we’d be happy to send one of our security experts to your office and explain your situation in plain English along with any recommendations we have.
