Look at alternatives to encryption when you deem them necessary.
Is keeping in touch with your clients by email safe? Do you have to stop doing that now? Or can you keep using email? Read this HIPAA training article for more.
When you talk about health information that's going out over the internet and how it needs to be encrypted in one of those things that they say as regular email is not secure. That does go out basically in plain text or it gets translated into text that may have some formatting elements added as well. But there are just some texts in there that just gets past around and is available for anyone or anyone on the hotspots that where the information makes its way across the internet could actually see that information.
So, email is not secure in and of itself. For healthcare compliance, you must go through a process and encryption that email for you to have communications with your clients or patients or whatever.
When it comes to professional communications between organizations or like between two providers, something like that, that pretty much has to be included these days, encrypted is pretty much as standard.
But when it comes to dealing with the individuals with the patients themselves it's not so cut and dried. The important thing there is to provide a good patient care. And you cannot necessarily depend on the individual as your clients or your patients on having the ability to really used and encrypted email or using - it's very complicated you can't necessarily rely on them to open an attachment or something like that to be able to communicate on a regular basis.
This is a sort of thing where you can decide pretty much on your own. If it's better for your patient to be able to have the information and the information that you're sharing by email is not that dangerous or not that sensitive, you can decide that, “No, this is really is not really a harmful kind of thing for us to have this kind of communication. We're going to go ahead and do this. And even though there is a chance that it could be exposed.”
But you have to go to that kind of consideration and make a decision that, yeah, you do want to do this along with ensuring healthcare compliance. There are some situations, particularly in mental health where you might have somebody who's like a spouse, maybe a battered spouse or something like that that you're going to need to be in contact with and leaving a message on the answering machine at home. It's just you can't do that. It would not be appropriate and it could lead us some problems and it could be better for the individual for you to communicate by email. And if they don't have the ability to handle encryption then, you can just do that in regular piling of email.
HIPAA Training Expert Tip: What is recommended, for healthcare compliance, though is that if you do any significant amount of email that does include health information is look into one of the web based encrypted email solutions or you just - somebody gets the messages. You have a message from an individual and then you log on to an encrypted website where you can retrieve your messages like a webmail system. Like, if you log on to website for checking your emails as it is, you just go to different site for your encrypted email for that particular provider. And that's we can become more seamless.
It's not particularly required, but you do have to decide that it is something that you want to do and you should have permission from the individual before you go ahead and do that before without encrypting the information. But then, (in the only individual) basis, professional services, professional individuals really do need to encrypt all the time. That's all there is to it.
For expert training sessions on HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Business Associates Rule, HIPAA Audits & Enforcement, and others; visit our Healthcare Compliance page.