Posts

Can HIPAA Information Be Emailed?


According to the CDC: “while the HIPAA Privacy Rule safeguards protected health information (PHI), the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called ‘electronic protected health information (e-PHI).’”

In order to comply with the HIPAA Security Rule you must:

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information
  • Detect and safeguard against anticipated threats to the security of the information
  • Protect against anticipated impermissible uses or disclosures
  • Certify compliance

But what does this mean for those in the healthcare industry who email HIPAA information? Let’s start with why email communications need to be secure in the first place.

Understanding how cybersecurity and email are connected begins with a breakdown of the path that an email takes:

  1. Created by sender on their workstation
  2. Sent from workstation to sender’s email server
  3. Sender’s email server sends email to recipient’s email server
  4. Recipient’s workstation pulls the message from their server

Every time the email is sent from one system to the next, it could be at risk of malicious interference. In addition, a copy of the email is stored on each system it travels through. Breaking that down, that means there’s a copy on:

  • The sender’s workstation
  • The sender’s email server
  • The recipient’s email server
  • The recipient’s workstation [1]

This path alone illustrates the risk a single email can pose – both in transit and at rest. So can emails be HIPAA compliant?
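One way to check the transit half of that path is to read the `Received` headers each server stamps on a message. The sketch below is an added example, not CIT's or Zix's tooling; the sample message and host names are constructed, and it assumes servers record the standard RFC 3848 `with` keywords (ESMTPS/ESMTPSA when STARTTLS was used).

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that indicate the hop was protected by STARTTLS.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from (\S+).*?\bby (\S+).*?\bwith (\S+)")

# Constructed sample message: hosts, addresses and IDs are made up.
SAMPLE = """\
Received: from smtp.clinic-a.example (smtp.clinic-a.example [198.51.100.10])
\tby mx.clinic-b.example with ESMTP id b2; Mon, 01 Jan 2024 10:00:02 -0600
Received: from ws-17.clinic-a.example (ws-17.clinic-a.example [192.0.2.5])
\tby smtp.clinic-a.example with ESMTPSA id a1; Mon, 01 Jan 2024 10:00:01 -0600
From: nurse@clinic-a.example
To: doctor@clinic-b.example
Subject: constructed test message

body
"""

def hops(raw_message):
    """Return the relay hops in the order the message travelled."""
    msg = message_from_string(raw_message)
    result = []
    # Each server prepends its header, so the newest hop comes first: reverse.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(header.split()))  # unfold continuation lines
        if m is None:
            # Unparseable header: treat the hop as unverified, not as safe.
            result.append({"from": None, "by": None, "with": None, "tls": False})
            continue
        proto = m.group(3).upper().rstrip(";")
        result.append({"from": m.group(1), "by": m.group(2),
                       "with": proto, "tls": proto in TLS_KEYWORDS})
    return result

def unencrypted_hops(raw_message):
    """Hops whose header does not show TLS, as (sending host, receiving host)."""
    return [(h["from"], h["by"]) for h in hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for h in hops(SAMPLE):
        status = "TLS" if h["tls"] else "NO TLS RECORDED"
        print(f'{h["from"]} -> {h["by"]} ({h["with"]}): {status}')
```

The last step of the path, the recipient’s workstation pulling the message, adds no `Received` header, so it has to be verified in the mail client’s connection settings. Only the headers written by servers you control are trustworthy, since earlier ones can be forged.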

Emails can be HIPAA compliant, but this requires IT resources and a monitoring process to ensure that authorized users are communicating PHI in adherence with policies for HIPAA compliance for email. [2]

What IT resources and monitoring processes are available? Beyond our in-house security solution, we also recommend email encryption.

Encrypted Email

Encryption is a way to make data unreadable at rest and during transmission. CIT partners with Zix for email encryption, and Zix partners with more than 1,200 U.S. hospitals to help maintain HIPAA compliance. As cyberattacks continue to grow exponentially, Zix provides you with efficient methods to optimize your IT security effectiveness while better securing PHI in and out of your organization.

To learn more check out A Case for Email Encryption.

Now that we’ve talked about the path of an email, HIPAA compliance, and our recommended solutions, we want to make sure all types of emails are secure.

What different kinds of emails need to be secure?

In the healthcare industry, it is important to avoid security risks, meet compliance standards, and secure multiple types of emails. Cybersecurity and compliance solutions should include securing:

  • In-office emails
  • Doctor-to-doctor emails
  • Personal emails
  • Mass emails 
  • Reply emails
  • Patient emails

Additional email security considerations

Start with a HIPAA Compliance Checklist or learn more about a Cybersecurity Gap Analysis for your business. Want to chat with one of our experts? Contact us here. 

  1. https://www.securitymetrics.com/blog/how-send-hipaa-compliant-emai
  2. https://www.hipaajournal.com/hipaa-compliance-for-email/

CIT is Minnesota’s Premier Cybersecurity Provider for Nursing Home Technology


One of the most common mistakes anyone can make when shopping around for cybersecurity is approaching information technology with a one-size-fits-all perspective. That is especially true for securing your nursing home’s sensitive information. After all, if cybersecurity protects information, wouldn’t all cybersecurity be the same?

We are glad you’re taking a moment to read this blog before making a decision, because keeping a nursing facility’s information technology secure is a specialized service, and one of CIT’s many specialties. Read on to learn more about how we can help solve the unique challenges of keeping our elderly loved ones’ health and financial data safe from hackers.

You Keep Your Senior Residents Safe, But What About Their Personal Information?

As America ages, hackers know where to find the most vulnerable health and financial data — in senior living facilities like yours.

There are many reasons why seniors present an especially attractive target:

  • Hackers are keen on hunting for nest eggs, whether found in social security payments, pensions, retirement checks, or even good credit
  • Seniors, especially those on a fixed income, often do not closely monitor their financial data
  • Hackers can pose as family members to take advantage of specialized patients with Alzheimer’s or dementia
  • Seniors, who didn’t grow up with technology, often choose easy-to-hack passwords or unknowingly provide sensitive information to phishers
  • Financial and health records of the recently deceased can fetch an especially high price on the dark web
  • Senior homes and care settings are a hub of traffic (and possibly, a weak link) in the Health Information Exchange

If You Suspect Your Facility’s Electronic Health Records (EHR) Have Been Hacked

You would think some things in this world would be out of bounds. But hackers have no scruples about whom they hack. Thankfully, you and your residents are not alone. There are some immediate steps you can take if you feel your facility or your residents’ financial or health records have been compromised.

The Department of Homeland Security has a handy guide to preventing and responding quickly to possible fraud, including everything from the immediate steps you should take if a resident’s phone has been stolen, to providing convenient, easy-to-use tip cards for anyone who needs simple, clear information at the ready.

An intrusion from a hacker can be traumatic and ruinous for anyone. But for those in their twilight years — who should be reaping the rewards of a lifetime of hard work — getting hacked can be especially devastating. Of course, the best cure is prevention and, as a caretaker, you have a special opportunity to hire the absolute best in cybersecurity and ensure the safety and happiness of your residents.

Improve the Quality of Your Patient Care with Proper Security

When you make the safety and security of your residents a priority, people (and prospective residents) notice—the devil is in the details, after all. High standards are contagious, and the premium you place on proper cybersecurity could extend to your staff, your residents’ care plans, and, ultimately, to your residents themselves.

A business that runs smoothly is happy. And that is especially true if your business is a retirement community. Providing proper cybersecurity is more than a good placebo; it is a way of life and a commitment to standards that enrich the lives of the ones we love the most.

CIT Keeps Your Facility’s Information Technology Safe, Secure, and Compliant

You’re busy running several skilled nursing facilities — you don’t have time to be concerned about cybersecurity. That’s why you need CIT, Minnesota’s premier IT cybersecurity company, with over three decades of experience, and our industry-leading partners (with HIPAA, HITECH, and NIST standards across locations), helping local senior living providers stay ahead of today’s cyberthreats. Together we can keep our loved ones safe and secure and getting the most out of life.