* Ensuring that email messages containing PHI are kept secure when transmitted over an unprotected link
* Ensuring that email systems and users are properly authenticated so that PHI does not get into the wrong hands
* Protecting email servers and message stores where PHI may exist
Organizations regulated by HIPAA must comply and put these practices in place. However, the need to comply with regulations puts particular pressure on the healthcare industry to enhance its use of technology and “catch up” with other industries of similar size and scope.
Privacy and Email Security

The privacy protection provisions in HIPAA pose a major compliance challenge for the healthcare industry. These provisions are intended to protect patients from disclosure of any of their individually identifiable health information. Organizations that fail to protect this information face fines ranging from $10,000 to $25,000 for each instance of unauthorized disclosure. If the disclosure is found to be intentional, HIPAA provides for fines ranging from $100,000 to $250,000 and possible jail time for the individuals involved in the violations.
The clock is ticking – it’s time to get started

Bringing an enterprise into compliance with the rules set by HIPAA can seem like a daunting task to even the most experienced executives. Nonetheless, the growing dependence on email as a mission-critical application requires that your organization implement comprehensive security and privacy policies – and soon. A solid combination of security policies and technologies to enforce those policies can ensure improved security as well as HIPAA readiness and ongoing adherence.
Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security solutions. Learn how to make your email system comply with HIPAA regulations by visiting http://www.ciphertrust.com.