Encrypted Email
Email containing ePHI should be protected in transit and controlled so only the right people can read it.
- Secure transmission
- Encryption where reasonable
- Access control
The HIPAA Security Rule protects electronic patient information through administrative, physical, and technical safeguards. HHS has also proposed updates to strengthen ePHI cybersecurity.
Email containing ePHI should be protected in transit and controlled so only the right people can read it.
Patient data needs a backup and recovery plan so the practice can keep operating after failure, theft, or ransomware.
Workstations and devices that touch ePHI need malware protection, monitoring, and secure handling.
Staff need privacy and security training so everyday handling of patient information is consistent.
HIPAA does not name a firewall product, but network filtering supports access control and transmission security.
Testing helps uncover risks and supports the required risk analysis and periodic evaluation process.
The practice should know who can access ePHI and be able to review system activity.
Vendors that handle patient information need the right agreements and safeguards in place.