We are
implementing a data security strategy but we can't do everything at once (again
reasonableness based not only on budget but sheer capacity -- how many balls can
we juggle at once?). We conducted a risk assessment & prioritized
and as it turns out, email encryption wasn't the first thing on our list.
Having
said this we are in the process of deploying email encryption, but frankly there
are other things that worry me more as far as protecting electronic PHI than
email, given our architecture, and that's where we've been focusing
first
a.
-----Original Message----- From:
Deborah Campbell [mailto:[EMAIL PROTECTED] Sent: Friday,
March 28, 2003 1:39 PM To: WEDI SNIP Privacy Workgroup
List Subject: RE: Receipt of PHI
We were trying to deal with this issue and determined that the only way
to protect electronic PHI, as 164.530 of the Privacy Rule requires is to
either encrypt emails or not send emails
containing PHI. Out of curiosity (because I'd love to find a way around this)
If you are not encrypting, how are you meeting the privacy regulations
requirement to protect electronic
PHI?
Deborah
Campbell
The Privacy rule does not call for encryption. Having said this, at
the very least I would inventory those instances and inform the c.e. so
that both of you can start working on secure transmission methods. Obviously
the sooner you address this the better, but I would say you'd have 2 years
to get there if you need to, as far as compliance is
concerned.
The caveat goes to what would be
considered "reasonable"
a.
I would appreciate any suggestions on how a
business associate should address the receipt of PHI from a covered entity
that has been sent across an open network (without encryption) after the
Privacy Rule is enforceable.
Thank you.
Marcus McCrory
--- The WEDI SNIP listserv to which you are
subscribed is not moderated. The discussions on this listserv therefore
represent the views of the individual participants, and do not necessarily
represent the views of the WEDI Board of Directors nor WEDI SNIP. If you
wish to receive an official opinion, post your question to the WEDI SNIP
Issues Database at http://snip.wedi.org/tracking/. These listservs should
not be used for commercial marketing purposes or discussion of specific
vendor products and services. They also are not intended to be used as a
forum for personal disagreements or unprofessional communication at any
time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED] To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank
email to [EMAIL PROTECTED] If you need to
unsubscribe but your current email address is not the same as the address
subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
CONFIDENTIALITY NOTICE: The information contained in this message is
legally priveleged and confidential information intended for the use of the
individual or entity named above. If the reader of this message is not the
intended recipient, or the employee or agent responsible to deliver it to
the intended recipient, you are hereby notified that any release,
dissemination, distribution, or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
the author immediately by replying to this message and delete the original
message. Thank you. --- The WEDI SNIP listserv to which you are
subscribed is not moderated. The discussions on this listserv therefore
represent the views of the individual participants, and do not necessarily
represent the views of the WEDI Board of Directors nor WEDI SNIP. If you
wish to receive an official opinion, post your question to the WEDI SNIP
Issues Database at http://snip.wedi.org/tracking/. These listservs should
not be used for commercial marketing purposes or discussion of specific
vendor products and services. They also are not intended to be used as a
forum for personal disagreements or unprofessional communication at any
time.
You are currently subscribed to wedi-privacy as:
[EMAIL PROTECTED] To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank
email to [EMAIL PROTECTED] If you need to
unsubscribe but your current email address is not the same as the address
subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
--- The WEDI SNIP listserv to
which you are subscribed is not moderated. The discussions on this listserv
therefore represent the views of the individual participants, and do not
necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP.
If you wish to receive an official opinion, post your question to the WEDI
SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should
not be used for commercial marketing purposes or discussion of specific vendor
products and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.
You
are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To
unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED] If you need to unsubscribe but
your current email address is not the same as the address subscribed to the
list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
CONFIDENTIALITY NOTICE: The information contained in this message is legally priveleged and confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any release, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the author immediately by replying to this message and delete the original message. Thank you.
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
|