HIPAA Email Encryption - Information Security - Tulane University

1,212 views
1,079 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,212
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

HIPAA Email Encryption - Information Security - Tulane University

  1. 1. Tulane University and Health Sciences Center HIPAA Email Encryption Leo Tran, Information Security Officer Jeremy Pelegrin, Systems Engineer
  2. 2. <ul><li>Today’s speaker has stated that he has nothing to disclose. </li></ul><ul><li>Leo Tran, Information Security Officer </li></ul><ul><li>Jeremy Pelegrin, Systems Engineer </li></ul><ul><li>Tulane University Technology Services </li></ul>
  3. 3. § 164.312(e) Technical safeguards <ul><li>(1) Standard: Transmission security. Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. </li></ul><ul><li>  (2) Implementation specifications: </li></ul><ul><li>(ii) Encryption. Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. </li></ul><ul><li>Note: Encrypt data during transmission (data in motion). </li></ul>
  4. 4. HIPAA Privacy Policy (GC-009) <ul><li>Emailing and Faxing Information </li></ul><ul><li>The staff of the Tulane University Health Care Component should not transmit protected health information over the Internet (including e-mail) and other unsecured networks unless it has been encrypted and password protected, and the Security Officer approves the process used. </li></ul>
  5. 5. HIPAA Security Policy (TS-42) <ul><li>Tulane University uses encryption to protect the confidentiality, integrity and availability of e-PHI during transmission over electronic communications networks. Tulane University protects “data in motion” by implementing a combination of solutions that includes Virtual Private Networks (VPNs), Secure Sockets Layer (SSL) and other encryption t echnologies where appropriate . </li></ul>
  6. 6. Email Encryption <ul><li>In January 2008, Tulane implemented a system for encrypting email called Ironport. It is an Internet Encryption Appliance used to encrypt email containing PHI (Private Health Information) traveling to email destinations outside of our Tulane firewalls. </li></ul><ul><li>In July 2008, for encryption redundancy, Tulane purchased an additional Ironport system. </li></ul>
  7. 7. Email Encryption <ul><li>Email Encryption to the outside world </li></ul><ul><li>Email Encryption within Tulane </li></ul>
  8. 8. <ul><li>Email Encryption to the outside world using Ironport </li></ul>
  9. 9. Email Encryption to the outside world <ul><li>Type the word Secure: at the subject line </li></ul><ul><li>It can be lowercase, uppercase or mixcase </li></ul><ul><li>It can be anywhere in the subject line </li></ul><ul><ul><li>Secure: </li></ul></ul><ul><ul><li>secure: </li></ul></ul><ul><ul><li>SECURE: </li></ul></ul><ul><ul><li>The Colon “:” is important. </li></ul></ul>
  10. 10. Email Encryption to the outside world <ul><li>Type the word Secure: at the subject line </li></ul>
  11. 11. Email Encryption to the outside world <ul><li>For Microsoft Outlook, you can also set the message sensitivity to Confidential </li></ul>
  12. 12. Email Encryption to the outside world <ul><li>Your client or patient will see a similar screen with an </li></ul><ul><li>attachment named securedoc.html </li></ul>
  13. 13. Email Encryption to the outside world <ul><li>He/she needs to open the securedoc.html </li></ul>
  14. 14. Email Encryption to the outside world <ul><li>This screen will show if he/she is not a registered user </li></ul>
  15. 15. Email Encryption to the outside world <ul><li>He/she needs to register to read your encrypted email </li></ul>
  16. 16. Email Encryption to the outside world <ul><li>After registration he/she will receive a confirmation email </li></ul>
  17. 17. Email Encryption to the outside world <ul><li>From now on he/she can open encrypted email from you </li></ul>
  18. 18. Email Encryption to the outside world <ul><li>The system will tell you when your email is read </li></ul>
  19. 19. <ul><li>Email Encryption </li></ul><ul><li>within Tulane </li></ul>
  20. 20. Email Encryption within Tulane <ul><li>For Outlook Client 2007 </li></ul>
  21. 21. Email Encryption within Tulane
  22. 22. Email Encryption within Tulane <ul><li>For Outlook Client 2003 </li></ul>
  23. 23. Email Encryption within Tulane <ul><li>For Outlook Client 2003 </li></ul>
  24. 24. Email Encryption within Tulane <ul><li>For Outlook Client 2003 </li></ul>
  25. 25. Email Encryption within Tulane <ul><li>OWA always encrypts using SSL </li></ul>
  26. 26. Email Encryption within Tulane <ul><li>By default, email within Tulane for other clients such as Mac Mail, Entourage or iPhone are encrypted with SSL. </li></ul>
  27. 27. Email Encryption <ul><li>Email Encryption to the outside world </li></ul><ul><ul><li>Type Secure: at the subject line </li></ul></ul><ul><li>Email Encryption within Tulane </li></ul>
  28. 28. Resources … <ul><li>HIPAA Compliance: </li></ul><ul><li>Web site http://tulane.edu/compliance </li></ul><ul><li>Privacy Official Glenda Folse 504-988-7739 </li></ul><ul><li>Security Official Leo Tran 504-988-8514 </li></ul><ul><li>Technology Services Help Desk: </li></ul><ul><li>On campus - Uptown: 8888 Downtown: 8-8888 </li></ul><ul><li>Off-Campus - 1-866-276-1428 </li></ul><ul><li>Email Encryption: </li></ul><ul><li>http://tulane.edu/compliance/training/trainingeducation.cfm </li></ul>
  29. 29. Email Encryption Resources… <ul><li>Configuring Microsoft Entourage 2008 (Mac) </li></ul><ul><li>http://d2.parature.com/ics/support/KBAnswer.asp?deptID=4258&questionID=2135 </li></ul><ul><li>Configuring Microsoft Entourage 2004 (Mac) </li></ul><ul><li>http://d2.parature.com/ics/support/default.asp?deptID=4258&task=knowledge&questionID=1979 </li></ul>

×