The Health Insurance Portability and Accountability Act (HIPAA) was passed, in part, to keep individually identifiable health information private. Covered entities (health care providers, health plans and health care clearinghouses) are required to safeguard patient information, and so are the business associates that handle it on their behalf. If you are a health care provider, you will need to make sure that any email carrying patient information is compliant. There is no easy way to do this on your own, so most practices hire an email service provider that offers HIPAA-compliant service and will sign a business associate agreement.
Step 1: Understand the fines.
HIPAA has a Privacy Rule and a Security Rule. The Privacy Rule protects individually identifiable health information in any form, while the Security Rule sets national standards for safeguarding protected health information that is held or transmitted electronically (ePHI). Civil penalties are tiered by the level of culpability, with a statutory maximum of $1.5 million per calendar year for all violations of an identical provision (the dollar amounts are adjusted for inflation each year), and knowing misuse of health information can also be prosecuted criminally.
Step 2: Read the Security Rule.
The federal government requires that electronic transmission of health information meet specific security and privacy requirements, and these requirements are not easy to understand. To make email compliant with HIPAA, you must ensure the confidentiality, integrity and availability of the electronic protected health information it carries (the three goals the Security Rule names): only authorized people can read it, it cannot be altered without detection, and it remains accessible to those who need it. The Security Rule is published on the Health and Human Services (HHS) website, with links to the regulatory text at 45 CFR Part 164, Subpart C. You can read the text yourself, but it is hard for a non-expert to apply to a specific email system, so you should meet with a health care attorney to discuss your email security requirements.
Step 3: Meet with a lawyer.
An experienced health care attorney can help you understand the legal requirements and find ways to make your email system compliant. Look for a lawyer who specializes in health care law. You can find one through your state bar association's website, which should have links to lawyer referral programs; the site will give you a phone number to call or a directory to search.
Step 4: Look for email service providers that are HIPAA compliant.
Unless you are an expert in information systems, you will need to hire an email service provider to run your email system. Free, consumer web-based email services are generally not suitable: their standard terms do not include a business associate agreement, and you do not control the access logging, retention or encryption settings that the Security Rule expects you to manage. Ask your health care attorney, who should know which providers offer HIPAA-compliant service, and search the internet for "HIPAA compliant email"; several companies advertise such services.
Step 5: Vet the email service provider's compliance.
Look at the provider's website to judge whether it is professional, ask whether it can give you references from other health care customers, and ask for a detailed description of its services. Then check the specific safeguards the Security Rule expects. Access control: the provider should limit who can reach the electronic information, both its own staff and your users. Physical security: its servers should be kept in a secure, access-controlled location. Audit controls: the provider should be able to tell who is in the system, and its security log should record which user accessed which information, the date and time of access, and whom the data was sent to; ask how long those logs are kept and whether you can export them. Transmission security: all email transmissions should be adequately secured, normally by encrypting the connection between mail servers and between your users and the service. Finally, ask whether the provider will sign a business associate agreement; a provider that will not is not a compliant choice.
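Once a provider can export its security log, you can check for yourself that it records what the step above asks for. The script below is an added example, not something from this article or from any particular provider: it assumes the provider exports one JSON object per line with timestamp, user, action, record_id, and for send events recipient and encrypted fields (a constructed format for illustration). It flags entries that are missing those fields and produces a report of who touched a given patient record and where it was sent.

```python
"""Review an email provider's exported audit log for HIPAA audit-control gaps.

The JSON Lines format and the sample entries below are constructed for this
example; adapt the field names to whatever your provider actually exports.
"""
import json
from datetime import datetime

# Fields every event needs to answer "who did what to which record, and when".
REQUIRED_FIELDS = ("timestamp", "user", "action", "record_id")

# Constructed sample export (not real data). Line 3 is an unencrypted send,
# line 5 has no user and a broken timestamp.
SAMPLE_LOG = """\
{"timestamp":"2024-03-04T14:02:11Z","user":"dr.patel","action":"read","record_id":"PT-1042"}
{"timestamp":"2024-03-04T14:05:47Z","user":"dr.patel","action":"send","record_id":"PT-1042","recipient":"patient1042@example.com","encrypted":true}
{"timestamp":"2024-03-04T15:30:00Z","user":"frontdesk","action":"send","record_id":"PT-1042","recipient":"billing@example.net"}
{"timestamp":"2024-03-05T09:12:03Z","user":"frontdesk","action":"read","record_id":"PT-2207"}
{"timestamp":"not-a-date","user":"","action":"read","record_id":"PT-2207"}
"""


def parse_timestamp(value):
    """Return a timezone-aware datetime, or None if the value is unusable."""
    if not isinstance(value, str):
        return None
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def validate_event(event):
    """Return the list of problems with one event (empty if it is complete)."""
    problems = []
    for field in REQUIRED_FIELDS:
        if not event.get(field):  # absent or empty string
            problems.append(f"missing {field}")
    if event.get("timestamp") and parse_timestamp(event["timestamp"]) is None:
        problems.append("unparsable timestamp")
    if event.get("action") == "send":
        # A send must say where the data went and whether it was protected.
        if not event.get("recipient"):
            problems.append("send event without recipient")
        if event.get("encrypted") is not True:
            problems.append("send event not marked encrypted")
    return problems


def review_log(text):
    """Parse a JSON Lines export; return (events, findings as (line_no, problem))."""
    events, findings = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            findings.append((line_no, "malformed JSON"))
            continue
        for problem in validate_event(event):
            findings.append((line_no, problem))
        events.append(event)
    return events, findings


def access_report(events, record_id):
    """Who touched a record, when, how, and (for sends) to whom, oldest first."""
    rows = []
    for ev in events:
        if ev.get("record_id") != record_id:
            continue
        ts = parse_timestamp(ev.get("timestamp"))
        if ts is None:
            continue  # already reported as a finding by review_log()
        rows.append((ts.isoformat(), ev.get("user", ""),
                     ev.get("action", ""), ev.get("recipient", "")))
    rows.sort()
    return rows


if __name__ == "__main__":
    events, findings = review_log(SAMPLE_LOG)
    for line_no, problem in findings:
        print(f"line {line_no}: {problem}")
    for row in access_report(events, "PT-1042"):
        print(" | ".join(row))
```

Run it against a real export and every finding is a question for the provider: an entry with no user or no recipient means the log cannot answer the "who" and "to whom" questions an investigator or auditor will ask.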
Step 6: Get the patient's consent.
Regardless of the service provider you use, always get and document the patient's consent before sending health information electronically. Do not assume that a patient who emails you has consented to receiving information by email. Have patients sign a contact sheet stating how they want to be contacted (mail, telephone or email) and which address or number to use. Every new patient should sign one at the first visit, and the sheet should be kept with the patient's file.
Step 7: Use encryption.
Under the Security Rule, encryption is an "addressable" implementation specification: HHS requires you to conduct a risk assessment and then either encrypt electronic protected health information or document why an equivalent alternative safeguard is reasonable and appropriate. For email that leaves your organization, encryption is the safeguard you will almost always end up with. Encryption converts the original text (plaintext) into ciphertext that cannot be read without the key, so a third party who intercepts the message or obtains a stored copy learns nothing useful. Ask your email service provider to explain how its encryption works, and in particular whether messages are protected only while in transit between mail servers or also while stored on the provider's systems, and who holds the keys. Be aware that ordinary server-to-server encryption (TLS) is negotiated hop by hop, so if the recipient's mail server does not support it the message can travel in the clear; a provider that encrypts the message itself, or holds it in a secure portal until the recipient logs in, avoids that gap.
Step 8: Retain records.
HIPAA requires that the documentation of your compliance (policies, procedures, risk assessments, and records such as access logs) be retained for at least six years from the date it was created or last in effect, and emails that form part of a patient's record are also subject to your state's medical record retention rules, which may be longer. A practical rule many providers follow is to keep email containing patient information for at least six years. Make sure the email service provider can archive the emails and their audit logs for that period and can produce them if you are audited or investigated.
Step 9: If necessary, don't use email.
If the cost of sending patient health information by email legally is beyond your budget, you can always choose not to send this information electronically at all. Patients would then have to come into the office to pick up their health care information. Note that the Privacy Rule still applies to paper records and conversations; avoiding email only removes the Security Rule's electronic requirements for that information.