Health Information Compliance Alert
ARE YOU TRANSMITTING PHI IN YOUR E-MAIL?
PDF
The study results were announced June 5 by the Dallas-based Zix Corporation and revealed that many leading healthcare organizations are transmitting messages that contain PHI over public networks without using appropriate safeguards.
Zix Corp. analyzed a portion of over 4,400,000 e-mail messages sent and received by over 7,500 healthcare organizations, representing the inbound and outbound traffic for approximately seven days for each of the audited organizations. The purpose of the study was to determine what percentage of such messages contained PHI.
On average, more than 53 percent of the top 100 U.S. healthcare chains and health systems - and 35 percent of the top 60 healthcare payors - had transmitted via plain-text e-mail information that these organizations are required to protect under HIPAA. Overall, the study revealed that 4.4 percent of outbound e-mail Zix Corp. analyzed contained protected health information. The study analyzed unencrypted e-mail traffic from organizations that had implemented a number of different kinds of solutions, including a variety of technology solutions, a reliance on directives to employees or internal policy-only solutions, and a combination of these measures.
Zix Corp. noted that records of unprotected e-mail are created wherever the e-mail is sent. "Each time a healthcare organization sends an e-mail containing [PHI] without the appropriate safeguards to another party, a record of the event may reside indefinitely on the recipient's email server or in its archives," the company said in the release. "Once that record has been created, it may be used as evidence of non-compliance by governmental regulators or by lawyers seeking to use it in civil litigation."
Health Information Compliance Alert
- Transactions:
TCS TESTING PLAN VITAL TO ENSURE YOUR BUSINESS' SURVIVAL
4 Tips To Help Avoid Enforcement Watchdogs And Lost Revenues
If you haven't begun [...] - Training Tips:
RESOLVING COMPLAINTS STARTS WITH YOUR FRONTLINE
4 Essential Tips To Prepare Your Frontline Staff
Frontline staffers may be one of your [...] - Privacy:
For Mental Health Care, Let Cooler Heads Prevail With Patient Notes
A 3-Step Process To HIPAA-Compliant Psychotherapy
While HIPAA doesn't require providers who offer mental health services [...] - The Third Degree:
READER QUESTIONS ANSWERED
Thanks, HICA readers! We've received several great HIPAA questions this month. Now, thanks to a [...] - Privacy:
Eckerd Has Key To Compliance On The Cheap
Protecting patient privacy doesn't have to be either prohibitively expensive or mind-numbingly complex. At least, [...] - Privacy:
KEEP PHI STRICTLY CONFIDENTIAL
Although it should be painfully obvious by now to all covered entities that protected health [...] - SAMPLE DOCUMENT:
Confidentiality and Security Agreement - HIPAA Alert:
Avoid HIPAA Scams! How To Smell A 'HIPAA-Certified' Rat
The Tell-Tale Signs of HIPAA Scammers - And How To Combat Them
From companies offering "certified" [...] - Notices of Privacy Practices:
OHCAs AND NOTICES OF PRIVACY PRACTICES: A CONFUSING COMBO
How OHCAs Can Slay The NPP Beast Knowing how to address HIPAA's notice of privacy [...] - Health Information News:
TEXAS MAN, ACCUSED OF DUI, LEARNS NOT TO MESS WITH HIPAA
Clayton Harper Tapp was involved in a motorcycle accident and was taken to Memorial Hermann [...] - Sample Document:
GIVE PATIENTS PREFERENCES WITH PHONE MESSAGES
The benefits of proper and efficient communication with your patients is twofold: It's essential to [...] - HIPAA Study:
ARE YOU TRANSMITTING PHI IN YOUR E-MAIL?
A recent study reveals that many healthcare organizations are unwittingly transmitting protected health information via [...]