Is a Potential Email Breach Among Your Biggest HIPAA Vulnerabilities?

A five-step plan for minimizing risk.

Robert McDermott

If you knew several of your neighbors were victims of theft from homes or cars in your neighborhood, you'd likely take the initiative to safeguard your property before you become the next target.

When it comes to the security of your practice, the alarm bells are ringing. Security experts and agencies are warning the healthcare industry that their data, their patients and their practices are at risk. Perhaps more importantly, they're also letting healthcare leaders, practice managers and those in private practice know that there are ways to mitigate security risks and protect patients and their data. Yet despite breaches being a significant threat, email security is often overlooked when it comes to practice security protocols.

For the time being, the rules regarding HIPAA compliance specific to email aren't always immediately clear, so let's quickly key in on the basics. There are five technical safeguards required for HIPAA-compliant email:

1. Access Controls. Access to PHI must be restricted to authorized individuals only.
2. Audit Controls. Email history and transmissions must be monitored and an auditable trail maintained.
3. Integrity Controls. Practices must employ policies and procedures to ensure ePHI is not improperly destroyed or altered.
4. Authentication. Security measures must verify an individual's identity prior to granting them access to electronic protected health information.
5. Transmission Security. Transmitted PHI must be encrypted.

What is an Email Breach?

An email breach is a serious security incident, where a single email, email account or email system has been "impermissibly used or disclosed." In other words, someone who shouldn't have access to your email does, and they might be hijacking your data. Here are a few top factors for breaches:

1. Human error and poor training. 61% of healthcare security breaches involve human error, much of which could be prevented with proper and complete security training for your staff.