Home > Ask the Security Experts > Questions & Answers > Protecting in-house e-mail containing PHI
Ask The Security Expert: Questions & Answers
EMAIL THIS

Protecting in-house e-mail containing PHI

Kevin Beaver EXPERT RESPONSE FROM: Kevin Beaver

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 03 March 2003
I have been asked by the privacy group to come up with guidelines and/or a policy statement for dealing with patient health information (PHI) in e-mails. My understanding of the rule is that if the e-mails are confined within the hospital, encryption is not needed. Encryption is needed when it goes over the Internet or outside. Is this correct? Can you give me some guidelines for securing in-house e-mail containing PHI?

>
EXPERT RESPONSE

Internal e-mail should not have to be encrypted, as long as no risks to those e-mails are found during a risk assessment. Keep in mind that if e-mails will be traversing wireless networks (or any other similarly risky system) where vulnerabilities are turned up during a risk assessment, encryption may be required. Similarly, the final HIPAA Security Rule now considers external (Internet, etc.) e-mail encryption as "addressable" and leaves it up to the covered entity to determine whether or not specific risks (found during a risk assessment) would require those e-mails to be encrypted. Bottom line: If risks are found, encryption will be required.

For some specific sample policies/guidelines on e-mail security, check out the ones on the SANS site at http://www.sans.org/resources/policies.

For more information on this topic, visit these other SearchSecurity.com resources:
  • Best Web Links: Health Care/Health Services Security
  • Ask the Expert: Securing e-mail under HIPAA
  • Ask the Expert: Encrypting e-mail and what is considered confidential under HIPAA

    		•

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts