On April 21, 2005, a new Health Insurance
Portability and Accountability Act (HIPAA) security rule went
into effect. The requirements of this rule, which are basically
information security best practices, focus on the three cornerstones
of a solid information security infrastructure: confidentiality,
integrity and availability of information.
The HIPAA regulatory requirements encompass transmission, storage
and discoverability of Protected Health Information (PHI). Given
the widespread use and mission-critical nature of email, enforcement
of HIPAA encryption policies and the growing demand for secure
email solutions, email security has never been more important
to the healthcare industry than it is right now.
Although many assume it applies only to health care providers,
HIPAA affects nearly all companies that regularly transmit or
store employee health insurance information. HIPAA was signed
into law in 1996 by former President Bill Clinton, with the intent
of protecting employee health and insurance information when workers
changed or lost their jobs. As Internet use became more widespread
in the mid-to-late 1990s, HIPAA requirements overlapped with the
digital revolution and offered direction to organizations needing
to exchange healthcare information.

HIPAA in the Workplace

Collaboration between employers and healthcare professionals has
grown increasingly digital, and email has played an ever-increasing
role in this communication. However, without proper security and privacy
measures in place, email’s increased importance can lead to severe
consequences.
In addition to the usual concerns about privacy and security of
email correspondence, even organizations that are not in the healthcare
industry must now consider the regulatory compliance requirements
associated with HIPAA. The Administrative Simplification section
of HIPAA, which, among other things, mandates privacy and security
of Protected Health Information (PHI), has sparked concern about
how email containing PHI should be treated in the corporate setting.
HIPAA, as it relates to email security, is an enforcement of otherwise
well-known best practices that include:
* Ensuring that email messages containing PHI are kept secure
when transmitted over an unprotected link
* Ensuring that email systems and users are properly authenticated
so that PHI does not get into the wrong hands
* Protecting email servers and message stores where PHI may exist
Organizations regulated by HIPAA must comply
and put these practices in place. However, the need to comply
with regulations puts particular pressure on the healthcare industry
to enhance its use of technology and “catch up” with other industries
of similar size and scope.

Privacy and Email Security

The privacy protection provisions in HIPAA pose a major compliance
challenge for the healthcare industry. These provisions are intended
to protect patients from disclosure of any of their individually
identifiable health information. Organizations that fail to protect
this information face fines ranging from $10,000 to $25,000 for
each instance of unauthorized disclosure. If the disclosure is
found to be intentional, HIPAA provides for fines ranging from
$100,000 to $250,000 and possible jail time for individuals involved
in the violations.

The clock is ticking – it’s time to get started

Bringing an enterprise into compliance with the rules set by HIPAA
can seem like a very daunting task to even the most experienced
executives. Nonetheless, the growing dependence on email as a
mission-critical application requires that your organization implement
comprehensive security and privacy policies – and soon. A solid
combination of security policies and the technologies to enforce
those policies can ensure improved security as well as HIPAA readiness
and ongoing adherence.

About the author:
Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief
Technology Officer at CipherTrust, the industry's largest provider
of enterprise email security solutions. Learn how to make your email
system comply with HIPAA regulations by visiting www.ciphertrust.com