Maurene Caplan Grey, profile picture
Uploaded byMaurene Caplan Grey
1,224 views

HIPAA and E-Mail: Protecting PHI

The document discusses the evolving role of email and messaging in healthcare, emphasizing compliance with HIPAA regulations and protecting patient health information (PHI). It outlines best practices for healthcare providers, including technology recommendations and employee training to enhance security and privacy. The document also highlights the need for continuous vulnerability assessments and the appointment of a privacy officer to ensure adherence to regulations.

Embed presentation

HIPAA and E-Mail: Protecting PHI Maurene Caplan Grey Founder, Principal Analyst
HIPAA “101” Health Insurance Reform Administrative Simplification Standards for electronic health information transactions Mandate on providers and health plans, and timetable Pre-emption of state law Penalties Privacy http://www.cms.hhs.gov/hipaa/hipaa2/default.asp (CMS: HIPPA – Administrative Simplification, updated September 2005) http://www.hipaadvisory.com/regs/compliancecal.htm (Status of HIPAA Regulations Compliance Calendar, updated August 2005)
Today’s Topics How is the role of messaging evolving within the healthcare community? What best practices should healthcare providers take to conform with regulations and plan for the future?
Healthcare Industry Evolution Targeted treatments Focus on wellness Customer is the consumer Mass market treatment Focus on illness Customer is the doctor
Increasing Self-Management via E-Mail Physicians, Pharmacists, Peers… Source: Health Data Management Magazine, “Quick Poll,” 9 Sept 2005 Physician resistance to communicating with patients via e-mail is decreasing. I wonder if I have diabetes? What more can I find out? What are other people doing to control it? Patient = Consumer Is this serious? Do I need a checkup? 32.43 24 Disagree 67.7 50 Agree Percentage Respondents
Using an Online Consultation System for Self-Management
PHI within the Healthcare Community Patient’s PHI stored as record by the hospital. PHI sent to lab Insurance company stores patient record Lab report sent to doctor Hospital MD gathers PHI from patient Invoice sent to patient’s healthcare insurance
The New Healthcare Community Suppliers Providers Payers Employers Government Consumers Physicians Life Sciences
Today’s Topics How is the role of messaging evolving within the healthcare community? What best practices should healthcare providers take to conform with regulations and plan for the future?
Why Security and Privacy Policies Fail Rulings are ambiguous and untested Poor or no business processes Social engineering Wrong technology Right technology, poorly implemented No auditing Lack of user training Poor or no governance Rulings change Fraud “ Lost” PHI Local hard drives, cache, memory sticks, PDAs, smart phones, server storage, application data stores…
Approach 1: Gateway 1) File uploads to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to the gateway and downloads file Often used for ad hoc relationships
Approach 2: End-to-End, Gateway 1) File sent to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to gateway and downloads file Often used for ad hoc relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME …
Approach 3: Gateway-to-Gateway Sender Recipient Sender’s gateway to recipient’s gateway Recipient Sender Often used for trusted relationships
Approach 4: End-to-End, Gateway-to-Gateway Sender’s gateway to recipient’s gateway Often used for trusted relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME … Sender Recipient Recipient Sender
Scenario: University with Teaching Hospital Administrative Policies Information Security Information Management Securing E-Mail University’s standards Technology options Employee responsibilities Security Risk assessment templates HIPAA assessment plan Sys Admin toolkits Governance board Chancellor’s Office School of Dentistry School of Medicine School of Nursing School of Pharmacy Medical Center – IT Medical Center – Non-IT Student Academic Affairs Information Security Officer Privacy Officer Training
What You Need To Do Now – People and Business Engage legal counsel to interpret HIPAA regulations for your scenario. Conduct, and reinforce, employee training. Appoint a privacy officer (rule requires). Educate business partners on your PHI security and privacy policies.
What You Need To Do Now – Technology Deploy secure e-mail technologies that fit the relationship model between sender and recipient. Simplicity at the user end is key for adoption. Develop secure e-mail frameworks that are extensible as healthcare community needs evolve. Budget for and carry out continuous vulnerability testing and security audits. HIPAA is designed to protect patient privacy. Architect security measures accordingly.
For further information on this topic, contact Grey Consulting [email_address] 845.531.5050 www.grey-consulting.com making messaging and collaboration work

More Related Content

PPT
What Does Openness Mean to the Web Manager?
bylisbk
 
PPT
Contextual Web Accessibility - Maximizing the Benefit of Accessibility Guidel...
bylisbk
 
PPT
Beyond Compliance - A Holistic Approach to Web Accessibility
bylisbk
 
PPT
What Does Openness Mean To The Openness Museum Community
bylisbk
 
PPT
Accessibility 2.0: People, Policies and Processes
bylisbk
 
PPT
Benefits of the Social Web: How Can It Help My Museum?
bylisbk
 
PPT
Engagement, Impact, Value: Measuring and Maximising Impact Using the Social Web
bylisbk
 
PPT
From Web Accessibility 2.0 to Web Adaptability (1.0)
bylisbk
 
What Does Openness Mean to the Web Manager?
bylisbk
 
Contextual Web Accessibility - Maximizing the Benefit of Accessibility Guidel...
bylisbk
 
Beyond Compliance - A Holistic Approach to Web Accessibility
bylisbk
 
What Does Openness Mean To The Openness Museum Community
bylisbk
 
Accessibility 2.0: People, Policies and Processes
bylisbk
 
Benefits of the Social Web: How Can It Help My Museum?
bylisbk
 
Engagement, Impact, Value: Measuring and Maximising Impact Using the Social Web
bylisbk
 
From Web Accessibility 2.0 to Web Adaptability (1.0)
bylisbk
 

What's hot

PPT
Implementing A Holistic Approach To E-Learning Accessibility
bylisbk
 
PPT
From Web Accessibility to Web Adaptability
bylisbk
 
PPT
What Can We Learn From Amplified Events?
bylisbk
 
PPT
This Year's Technology That Has Blown Me Away
bylisbk
 
PPT
The Future for Educational Resource Repositories in a Web 2.0 World
bylisbk
 
PPT
Organisational Use of Twitter
bylisbk
 
PDF
UKWebFocus blog posts
bylisbk
 
PPT
Empowering Users and Institutions: A Risks and Opportunities Framework for Ex...
bylisbk
 
PPTX
Building an Accessible Digital Institution
bylisbk
 
PPT
Why Impact, ROI and Marketing are No Longer Dirty Words
bylisbk
 
PPT
Welcome to IWMW 2010
bylisbk
 
PPT
The Social Aspect Of Resource Discovery
bylisbk
 
PPT
BS 8878 and the Holistic Approaches to Web Accessibility
bylisbk
 
PPT
Engagement, Impact, Value: Introduction
bylisbk
 
PPT
Short brown presentation 26th june 2011
byGillian Brown
 
PPT
The Web Management Community: Beyond IWMW and JISCMail Lists (#A4)
bylisbk
 
PPT
E health presentation 28th june 2011
byNick Short
 
PPTX
Digital Life Beyond The Institution
bylisbk
 
PPTX
Preparing Our Users For Digital Life Beyond the Institution
bylisbk
 
PPT
Enhancing Access to Researchers' Papers: How Librarians and Use of Social Med...
bylisbk
 
Implementing A Holistic Approach To E-Learning Accessibility
bylisbk
 
From Web Accessibility to Web Adaptability
bylisbk
 
What Can We Learn From Amplified Events?
bylisbk
 
This Year's Technology That Has Blown Me Away
bylisbk
 
The Future for Educational Resource Repositories in a Web 2.0 World
bylisbk
 
Organisational Use of Twitter
bylisbk
 
UKWebFocus blog posts
bylisbk
 
Empowering Users and Institutions: A Risks and Opportunities Framework for Ex...
bylisbk
 
Building an Accessible Digital Institution
bylisbk
 
Why Impact, ROI and Marketing are No Longer Dirty Words
bylisbk
 
Welcome to IWMW 2010
bylisbk
 
The Social Aspect Of Resource Discovery
bylisbk
 
BS 8878 and the Holistic Approaches to Web Accessibility
bylisbk
 
Engagement, Impact, Value: Introduction
bylisbk
 
Short brown presentation 26th june 2011
byGillian Brown
 
The Web Management Community: Beyond IWMW and JISCMail Lists (#A4)
bylisbk
 
E health presentation 28th june 2011
byNick Short
 
Digital Life Beyond The Institution
bylisbk
 
Preparing Our Users For Digital Life Beyond the Institution
bylisbk
 
Enhancing Access to Researchers' Papers: How Librarians and Use of Social Med...
bylisbk
 

Similar to HIPAA and E-Mail: Protecting PHI

PDF
HIPAA Email Compliance & Privacy
byappriver
 
PDF
HIPAA-Compliant Email: What Every Healthcare Provider Must Know
bySecure Titan
 
PPTX
Texting and e mail with patients 2020
byRobertAByrdr
 
PDF
HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...
byConference Panel
 
PPT
Physician-Patient Email by Wieczorek
byAmerican Academy on Communication in Healthcare (AACH)
 
PPT
Ahima2008 Summer Presentatione Mail Kohn
byDeborah Kohn
 
PDF
HIPAA Email Compliance What You Must Know in 2025.pdf
byEntrusted Mail
 
PDF
HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...
byConference Panel
 
PPT
Priv&security&profin electrcommunicationsrev9 23
byDeven McGraw
 
PDF
Dispelling HIPAA Myths: Texting, Emailing, and BYOD Best Practices
byConference Panel
 
PDF
Hipaa and social media using new
byOnlineAudio Training
 
PDF
Use of E-mailing, Texting, and Personal Devices by Health Care Professionals ...
byConference Panel
 
PPTX
Never Clueless Encrypted Email
byJohn Rood
 
PPTX
Skillacquire - Marketing to Patients via Texting and E-mail Hipaa, TCPA and c...
bySkillacquire
 
PDF
Mosio White Paper: Simplifying HIPAA and SMS in Clinical Research
byMosio
 
PDF
Security Best Practices for Health Information Exchange
byTrend Micro
 
PPTX
Update on Texting, E-mail, and HIPAA - Communicating with Patients under the ...
byAudioEducator
 
PPTX
5 hipaa training
byJasonPickerill1
 
PPTX
Negative Economic Impacts On Healthcare From Inefficient Communication
byDana Allison
 
PPTX
4_2019_05_18!11_01_47_AM.pptx
byVishwasVenkateshPai
 
HIPAA Email Compliance & Privacy
byappriver
 
HIPAA-Compliant Email: What Every Healthcare Provider Must Know
bySecure Titan
 
Texting and e mail with patients 2020
byRobertAByrdr
 
HIPAA, Texting, and E-mail — Using Appropriate Patient and Professional Commu...
byConference Panel
 
Physician-Patient Email by Wieczorek
byAmerican Academy on Communication in Healthcare (AACH)
 
Ahima2008 Summer Presentatione Mail Kohn
byDeborah Kohn
 
HIPAA Email Compliance What You Must Know in 2025.pdf
byEntrusted Mail
 
HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...
byConference Panel
 
Priv&security&profin electrcommunicationsrev9 23
byDeven McGraw
 
Dispelling HIPAA Myths: Texting, Emailing, and BYOD Best Practices
byConference Panel
 
Hipaa and social media using new
byOnlineAudio Training
 
Use of E-mailing, Texting, and Personal Devices by Health Care Professionals ...
byConference Panel
 
Never Clueless Encrypted Email
byJohn Rood
 
Skillacquire - Marketing to Patients via Texting and E-mail Hipaa, TCPA and c...
bySkillacquire
 
Mosio White Paper: Simplifying HIPAA and SMS in Clinical Research
byMosio
 
Security Best Practices for Health Information Exchange
byTrend Micro
 
Update on Texting, E-mail, and HIPAA - Communicating with Patients under the ...
byAudioEducator
 
5 hipaa training
byJasonPickerill1
 
Negative Economic Impacts On Healthcare From Inefficient Communication
byDana Allison
 
4_2019_05_18!11_01_47_AM.pptx
byVishwasVenkateshPai
 

More from Maurene Caplan Grey

PPTX
Communication: Chaos to Clarity
byMaurene Caplan Grey
 
PDF
Leveraging linked in for the job search passive vs active techniques
byMaurene Caplan Grey
 
PPT
Social Media: An Avenue In Your Job Search
byMaurene Caplan Grey
 
PDF
Collaboration & Social Media New Challenges For Records Management
byMaurene Caplan Grey
 
PDF
E Mail Management At A Crossroad
byMaurene Caplan Grey
 
PDF
New Media: Transforming Organizational Communications
byMaurene Caplan Grey
 
PPT
Collaboration: New Challenges for Electronic Records Management
byMaurene Caplan Grey
 
Communication: Chaos to Clarity
byMaurene Caplan Grey
 
Leveraging linked in for the job search passive vs active techniques
byMaurene Caplan Grey
 
Social Media: An Avenue In Your Job Search
byMaurene Caplan Grey
 
Collaboration & Social Media New Challenges For Records Management
byMaurene Caplan Grey
 
E Mail Management At A Crossroad
byMaurene Caplan Grey
 
New Media: Transforming Organizational Communications
byMaurene Caplan Grey
 
Collaboration: New Challenges for Electronic Records Management
byMaurene Caplan Grey
 

Recently uploaded

PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
The year in review - MarvelClient in 2025
bypanagenda
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
AI Technology important knowledge ......
byutkarshj2007
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 

HIPAA and E-Mail: Protecting PHI

  • 1.
    HIPAA and E-Mail: Protecting PHI Maurene Caplan Grey Founder, Principal Analyst
  • 2.
    HIPAA “101” HealthInsurance Reform Administrative Simplification Standards for electronic health information transactions Mandate on providers and health plans, and timetable Pre-emption of state law Penalties Privacy http://www.cms.hhs.gov/hipaa/hipaa2/default.asp (CMS: HIPPA – Administrative Simplification, updated September 2005) http://www.hipaadvisory.com/regs/compliancecal.htm (Status of HIPAA Regulations Compliance Calendar, updated August 2005)
  • 3.
    Today’s Topics Howis the role of messaging evolving within the healthcare community? What best practices should healthcare providers take to conform with regulations and plan for the future?
  • 4.
    Healthcare Industry EvolutionTargeted treatments Focus on wellness Customer is the consumer Mass market treatment Focus on illness Customer is the doctor
  • 5.
    Increasing Self-Management viaE-Mail Physicians, Pharmacists, Peers… Source: Health Data Management Magazine, “Quick Poll,” 9 Sept 2005 Physician resistance to communicating with patients via e-mail is decreasing. I wonder if I have diabetes? What more can I find out? What are other people doing to control it? Patient = Consumer Is this serious? Do I need a checkup? 32.43 24 Disagree 67.7 50 Agree Percentage Respondents
  • 6.
    Using an OnlineConsultation System for Self-Management
  • 7.
    PHI within theHealthcare Community Patient’s PHI stored as record by the hospital. PHI sent to lab Insurance company stores patient record Lab report sent to doctor Hospital MD gathers PHI from patient Invoice sent to patient’s healthcare insurance
  • 8.
    The New HealthcareCommunity Suppliers Providers Payers Employers Government Consumers Physicians Life Sciences
  • 9.
    Today’s Topics Howis the role of messaging evolving within the healthcare community? What best practices should healthcare providers take to conform with regulations and plan for the future?
  • 10.
    Why Security andPrivacy Policies Fail Rulings are ambiguous and untested Poor or no business processes Social engineering Wrong technology Right technology, poorly implemented No auditing Lack of user training Poor or no governance Rulings change Fraud “ Lost” PHI Local hard drives, cache, memory sticks, PDAs, smart phones, server storage, application data stores…
  • 11.
    Approach 1: Gateway 1) File uploads to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to the gateway and downloads file Often used for ad hoc relationships
  • 12.
    Approach 2: End-to-End,Gateway 1) File sent to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to gateway and downloads file Often used for ad hoc relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME …
  • 13.
    Approach 3: Gateway-to-Gateway Sender Recipient Sender’s gateway to recipient’s gateway Recipient Sender Often used for trusted relationships
  • 14.
    Approach 4: End-to-End,Gateway-to-Gateway Sender’s gateway to recipient’s gateway Often used for trusted relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME … Sender Recipient Recipient Sender
  • 15.
    Scenario: University withTeaching Hospital Administrative Policies Information Security Information Management Securing E-Mail University’s standards Technology options Employee responsibilities Security Risk assessment templates HIPAA assessment plan Sys Admin toolkits Governance board Chancellor’s Office School of Dentistry School of Medicine School of Nursing School of Pharmacy Medical Center – IT Medical Center – Non-IT Student Academic Affairs Information Security Officer Privacy Officer Training
  • 16.
    What You NeedTo Do Now – People and Business Engage legal counsel to interpret HIPAA regulations for your scenario. Conduct, and reinforce, employee training. Appoint a privacy officer (rule requires). Educate business partners on your PHI security and privacy policies.
  • 17.
    What You NeedTo Do Now – Technology Deploy secure e-mail technologies that fit the relationship model between sender and recipient. Simplicity at the user end is key for adoption. Develop secure e-mail frameworks that are extensible as healthcare community needs evolve. Budget for and carry out continuous vulnerability testing and security audits. HIPAA is designed to protect patient privacy. Architect security measures accordingly.
  • 18.
    For further informationon this topic, contact Grey Consulting [email_address] 845.531.5050 www.grey-consulting.com making messaging and collaboration work