Failure to adhere to new guidelines could cost your company up to $250,000 per infraction!

On April 21, 2005 (just over three weeks from today), a new Health Insurance Portability and Accountability Act (HIPAA) security rule goes into effect. The requirements of this rule, which are basically information security best practices, focus on three cornerstones of a solid information security infrastructure: confidentiality, integrity and availability of information.

The imminent HIPAA regulatory requirements encompass transmission, storage and discoverability of Protected Health Information (PHI). Given widespread use and mission-critical nature of email, enforcement of HIPAA encryption policies and growing demand for secure email solutions, email security has never been more important to healthcare industry than it is right now.

Although many assume it applies only to health care providers, HIPAA affects nearly all companies that regularly transmit or store employee health insurance information. HIPAA was signed into law in 1996 by former President Bill Clinton, with intent of protecting employee health and insurance information when workers changed or lost their jobs. As Internet use became more widespread in mid-to-late 1990s, HIPAA requirements overlapped with digital revolution and offered direction to organizations needing to exchange healthcare information.

HIPAA in Workplace Collaboration between employers and healthcare professionals has grown increasingly digital, and email has played an ever-increasing role in this communication. However, email’s increased importance can lead to severe consequences without proper security and privacy measures implemented.

In addition to usual concerns about privacy and security of email correspondence, even organizations that are not in healthcare industry must now consider regulatory compliance requirements associated with HIPAA. The Administrative Simplification section of HIPAA, which, among other things, mandates privacy and security of Protected Health Information (PHI), has sparked concern about how email containing PHI should be treated in corporate setting. HIPAA, as it relates to email security, is an enforcement of otherwise well-known best practices that include:

• Ensuring that email messages containing PHI are kept secure when transmitted over an unprotected link
• Ensuring that email systems and users are properly authenticated so that PHI does not get into wrong hands
• Protecting email servers and message stores where PHI may exist

Netizens are afraid to ask others to stop and those who are asked to stop, no matter how nicely, get offended and feel as though their thoughtfulness is not appreciated. But let's think about this a moment. How really thoughtful is it to click forward arrow, then a bunch of e-mail addresses and hit send? Well, your brain had to "think" about those steps but does that make effort truly "thoughtful." I don't think so...

Here are 5 Rules of Forwarding E-mails that those who are being truly thoughtful follow. If everyone followed them all problems associated with forwarded e-mails could be avoided. Sticking to these guidelines will assist both those thinking they are thoughtful and those who don't want to appear otherwise:

1. Don't forward anything without editing out all forwarding >>>>, e-mail addresses, headers and commentary from all other forwarders. Don't make folks look amongst all gobbly-gook to see what it is you thought was worth forwarding. If you must forward, only forward actual "guts" or content of e-mail that you are of opinion is valuable.

2. If you cannot take time to write a personal comment at top of your forwarded e-mail to person you are sending to - then you shouldn't forward it at all.