SlideShare a Scribd company logo

HIPAA and E-Mail: Protecting PHI

Maurene Caplan Grey, profile picture
Maurene Caplan Grey

The document discusses the evolving role of email and messaging in healthcare, emphasizing compliance with HIPAA regulations and protecting patient health information (PHI). It outlines best practices for healthcare providers, including technology recommendations and employee training to enhance security and privacy. The document also highlights the need for continuous vulnerability assessments and the appointment of a privacy officer to ensure adherence to regulations.

TechnologyHealth & Medicine
1 of 18
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
HIPAA and E-Mail: Protecting PHI Maurene Caplan Grey Founder, Principal Analyst
HIPAA “101” Health Insurance Reform Administrative Simplification Standards for electronic health information transactions Mandate on providers and health plans, and timetable Pre-emption of state law Penalties Privacy http://www.cms.hhs.gov/hipaa/hipaa2/default.asp (CMS: HIPPA – Administrative Simplification, updated September 2005) http://www.hipaadvisory.com/regs/compliancecal.htm (Status of HIPAA Regulations Compliance Calendar, updated August 2005)
Today’s Topics How is the role of messaging evolving within the healthcare community? What best practices should healthcare providers take to conform with regulations and plan for the future?
Healthcare Industry Evolution Targeted treatments Focus on wellness Customer is the consumer Mass market treatment Focus on illness Customer is the doctor
Increasing Self-Management via E-Mail Physicians, Pharmacists, Peers… Source: Health Data Management Magazine, “Quick Poll,” 9 Sept 2005 Physician resistance to communicating with patients via e-mail is decreasing. I wonder if I have diabetes? What more can I find out? What are other people doing to control it? Patient = Consumer Is this serious? Do I need a checkup? 32.43 24 Disagree 67.7 50 Agree Percentage Respondents
Using an Online Consultation System for Self-Management
PHI within the Healthcare Community Patient’s PHI stored as record by the hospital. PHI sent to lab Insurance company stores patient record Lab report sent to doctor Hospital MD gathers PHI from patient Invoice sent to patient’s healthcare insurance
The New Healthcare Community Suppliers Providers Payers Employers Government Consumers Physicians Life Sciences
Today’s Topics How is the role of messaging evolving within the healthcare community? What best practices should healthcare providers take to conform with regulations and plan for the future?
Why Security and Privacy Policies Fail Rulings are ambiguous and untested Poor or no business processes Social engineering Wrong technology Right technology, poorly implemented No auditing Lack of user training Poor or no governance Rulings change Fraud “ Lost” PHI Local hard drives, cache, memory sticks, PDAs, smart phones, server storage, application data stores…
Approach 1: Gateway 1) File uploads to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to the gateway and downloads file Often used for ad hoc relationships
Approach 2: End-to-End, Gateway 1) File sent to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to gateway and downloads file Often used for ad hoc relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME …
Approach 3: Gateway-to-Gateway Sender Recipient Sender’s gateway to recipient’s gateway Recipient Sender Often used for trusted relationships
Approach 4: End-to-End, Gateway-to-Gateway Sender’s gateway to recipient’s gateway Often used for trusted relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME … Sender Recipient Recipient Sender
Scenario: University with Teaching Hospital Administrative Policies Information Security Information Management Securing E-Mail University’s standards Technology options Employee responsibilities Security Risk assessment templates HIPAA assessment plan Sys Admin toolkits Governance board Chancellor’s Office School of Dentistry School of Medicine School of Nursing School of Pharmacy Medical Center – IT Medical Center – Non-IT Student Academic Affairs Information Security Officer Privacy Officer Training
What You Need To Do Now – People and Business Engage legal counsel to interpret HIPAA regulations for your scenario. Conduct, and reinforce, employee training. Appoint a privacy officer (rule requires). Educate business partners on your PHI security and privacy policies.
What You Need To Do Now – Technology Deploy secure e-mail technologies that fit the relationship model between sender and recipient. Simplicity at the user end is key for adoption. Develop secure e-mail frameworks that are extensible as healthcare community needs evolve. Budget for and carry out continuous vulnerability testing and security audits. HIPAA is designed to protect patient privacy. Architect security measures accordingly.
For further information on this topic, contact Grey Consulting [email_address] 845.531.5050 www.grey-consulting.com making messaging and collaboration work

More Related Content

PPT
What Does Openness Mean to the Web Manager?
lisbk
 
PPT
Contextual Web Accessibility - Maximizing the Benefit of Accessibility Guidel...
lisbk
 
PPT
Beyond Compliance - A Holistic Approach to Web Accessibility
lisbk
 
PPT
What Does Openness Mean To The Openness Museum Community
lisbk
 
PPT
Accessibility 2.0: People, Policies and Processes
lisbk
 
PPT
Benefits of the Social Web: How Can It Help My Museum?
lisbk
 
PPT
Engagement, Impact, Value: Measuring and Maximising Impact Using the Social Web
lisbk
 
PPT
From Web Accessibility 2.0 to Web Adaptability (1.0)
lisbk
 
What Does Openness Mean to the Web Manager?
lisbk
 
Contextual Web Accessibility - Maximizing the Benefit of Accessibility Guidel...
lisbk
 
Beyond Compliance - A Holistic Approach to Web Accessibility
lisbk
 
What Does Openness Mean To The Openness Museum Community
lisbk
 
Accessibility 2.0: People, Policies and Processes
lisbk
 
Benefits of the Social Web: How Can It Help My Museum?
lisbk
 
Engagement, Impact, Value: Measuring and Maximising Impact Using the Social Web
lisbk
 
From Web Accessibility 2.0 to Web Adaptability (1.0)
lisbk
 

What's hot (20)

PPT
Implementing A Holistic Approach To E-Learning Accessibility
lisbk
 
PPT
From Web Accessibility to Web Adaptability
lisbk
 
PPT
What Can We Learn From Amplified Events?
lisbk
 
PPT
This Year's Technology That Has Blown Me Away
lisbk
 
PPT
The Future for Educational Resource Repositories in a Web 2.0 World
lisbk
 
PPT
Organisational Use of Twitter
lisbk
 
PDF
UKWebFocus blog posts
lisbk
 
PPT
Empowering Users and Institutions: A Risks and Opportunities Framework for Ex...
lisbk
 
PPTX
Building an Accessible Digital Institution
lisbk
 
PPT
Why Impact, ROI and Marketing are No Longer Dirty Words
lisbk
 
PPT
Welcome to IWMW 2010
lisbk
 
PPT
The Social Aspect Of Resource Discovery
lisbk
 
PPT
BS 8878 and the Holistic Approaches to Web Accessibility
lisbk
 
PPT
Engagement, Impact, Value: Introduction
lisbk
 
PPT
Short brown presentation 26th june 2011
Gillian Brown
 
PPT
The Web Management Community: Beyond IWMW and JISCMail Lists (#A4)
lisbk
 
PPT
E health presentation 28th june 2011
Nick Short
 
PPTX
Digital Life Beyond The Institution
lisbk
 
PPTX
Preparing Our Users For Digital Life Beyond the Institution
lisbk
 
PPT
Enhancing Access to Researchers' Papers: How Librarians and Use of Social Med...
lisbk
 
Implementing A Holistic Approach To E-Learning Accessibility
lisbk
 
From Web Accessibility to Web Adaptability
lisbk
 
What Can We Learn From Amplified Events?
lisbk
 
This Year's Technology That Has Blown Me Away
lisbk
 
The Future for Educational Resource Repositories in a Web 2.0 World
lisbk
 
Organisational Use of Twitter
lisbk
 
UKWebFocus blog posts
lisbk
 
Empowering Users and Institutions: A Risks and Opportunities Framework for Ex...
lisbk
 
Building an Accessible Digital Institution
lisbk
 
Why Impact, ROI and Marketing are No Longer Dirty Words
lisbk
 
Welcome to IWMW 2010
lisbk
 
The Social Aspect Of Resource Discovery
lisbk
 
BS 8878 and the Holistic Approaches to Web Accessibility
lisbk
 
Engagement, Impact, Value: Introduction
lisbk
 
Short brown presentation 26th june 2011
Gillian Brown
 
The Web Management Community: Beyond IWMW and JISCMail Lists (#A4)
lisbk
 
E health presentation 28th june 2011
Nick Short
 
Digital Life Beyond The Institution
lisbk
 
Preparing Our Users For Digital Life Beyond the Institution
lisbk
 
Enhancing Access to Researchers' Papers: How Librarians and Use of Social Med...
lisbk
 
Ad

Similar to HIPAA and E-Mail: Protecting PHI (20)

PPTX
Issues in Mobile Health (Barbara Mittleman)
yan_stanford
 
PPT
Anatomy of an EMR System
Hal Amens
 
PPT
Priv&security&profin electrcommunicationsrev9 23
Deven McGraw
 
PPTX
Healthcare and Cyber security
Brian Matteson, CISSP CISA
 
PPT
Introduction to EMR
Hal Amens
 
PPT
EMR Intro
guestb754cc1c
 
PDF
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
M2SYS Technology
 
PPTX
Health Informatics- Module 4-Chapter 2.pptx
Arti Parab Academics
 
PDF
Texting and E-mail with Patients: Patient Requests and Complying with HIPAA
GlobalCompliancePanel
 
PPT
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Novell
 
PPTX
Modernizing Patient Records
Bob Larrivee
 
PDF
Patient relationship management on the cloud
Comidor
 
PPT
Health Informatics Professionalism and Improving Patient Care
Health Informatics New Zealand
 
PDF
HIPAA Compliance: Safeguarding Healthcare Information in the Digital Age
ShyamMishra72
 
DOCX
1042 PM (CST)Assignment DetailsAssignment Description
SantosConleyha
 
DOCX
1042 PM (CST)Assignment DetailsAssignment Description
BenitoSumpter862
 
DOCX
1042 pm (cst)assignment details assignment description
SUKHI5
 
DOCX
Tips for transitioning to electronic health records
ACROSEAS Global Solutions
 
PPTX
Babithas Notes on unit-2 Health/Nursing Informatics Technology
Babitha Devu
 
PPT
Health Informatics Professionalism and Improving Patient Care
Health Informatics New Zealand
 
Issues in Mobile Health (Barbara Mittleman)
yan_stanford
 
Anatomy of an EMR System
Hal Amens
 
Priv&security&profin electrcommunicationsrev9 23
Deven McGraw
 
Healthcare and Cyber security
Brian Matteson, CISSP CISA
 
Introduction to EMR
Hal Amens
 
EMR Intro
guestb754cc1c
 
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
M2SYS Technology
 
Health Informatics- Module 4-Chapter 2.pptx
Arti Parab Academics
 
Texting and E-mail with Patients: Patient Requests and Complying with HIPAA
GlobalCompliancePanel
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Novell
 
Modernizing Patient Records
Bob Larrivee
 
Patient relationship management on the cloud
Comidor
 
Health Informatics Professionalism and Improving Patient Care
Health Informatics New Zealand
 
HIPAA Compliance: Safeguarding Healthcare Information in the Digital Age
ShyamMishra72
 
1042 PM (CST)Assignment DetailsAssignment Description
SantosConleyha
 
1042 PM (CST)Assignment DetailsAssignment Description
BenitoSumpter862
 
1042 pm (cst)assignment details assignment description
SUKHI5
 
Tips for transitioning to electronic health records
ACROSEAS Global Solutions
 
Babithas Notes on unit-2 Health/Nursing Informatics Technology
Babitha Devu
 
Health Informatics Professionalism and Improving Patient Care
Health Informatics New Zealand
 
Ad

More from Maurene Caplan Grey (7)

PPTX
Communication: Chaos to Clarity
Maurene Caplan Grey
 
PDF
Leveraging linked in for the job search passive vs active techniques
Maurene Caplan Grey
 
PPT
Social Media: An Avenue In Your Job Search
Maurene Caplan Grey
 
PDF
Collaboration & Social Media New Challenges For Records Management
Maurene Caplan Grey
 
PDF
E Mail Management At A Crossroad
Maurene Caplan Grey
 
PDF
New Media: Transforming Organizational Communications
Maurene Caplan Grey
 
PPT
Collaboration: New Challenges for Electronic Records Management
Maurene Caplan Grey
 
Communication: Chaos to Clarity
Maurene Caplan Grey
 
Leveraging linked in for the job search passive vs active techniques
Maurene Caplan Grey
 
Social Media: An Avenue In Your Job Search
Maurene Caplan Grey
 
Collaboration & Social Media New Challenges For Records Management
Maurene Caplan Grey
 
E Mail Management At A Crossroad
Maurene Caplan Grey
 
New Media: Transforming Organizational Communications
Maurene Caplan Grey
 
Collaboration: New Challenges for Electronic Records Management
Maurene Caplan Grey
 

Recently uploaded (20)

PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
KeXue5
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
project resource management chapter-09.pdf
ssuser00e6e21
 
The various Industrial Revolutions .pptx
bandileshozi3
 
August Patch Tuesday
Ivanti
 
Modernising the Digital Integration Hub
Daniel Toomey
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
KeXue5
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 

HIPAA and E-Mail: Protecting PHI

  • 1. HIPAA and E-Mail: Protecting PHI Maurene Caplan Grey Founder, Principal Analyst
  • 2. HIPAA “101” Health Insurance Reform Administrative Simplification Standards for electronic health information transactions Mandate on providers and health plans, and timetable Pre-emption of state law Penalties Privacy http://www.cms.hhs.gov/hipaa/hipaa2/default.asp (CMS: HIPPA – Administrative Simplification, updated September 2005) http://www.hipaadvisory.com/regs/compliancecal.htm (Status of HIPAA Regulations Compliance Calendar, updated August 2005)
  • 3. Today’s Topics How is the role of messaging evolving within the healthcare community? What best practices should healthcare providers take to conform with regulations and plan for the future?
  • 4. Healthcare Industry Evolution Targeted treatments Focus on wellness Customer is the consumer Mass market treatment Focus on illness Customer is the doctor
  • 5. Increasing Self-Management via E-Mail Physicians, Pharmacists, Peers… Source: Health Data Management Magazine, “Quick Poll,” 9 Sept 2005 Physician resistance to communicating with patients via e-mail is decreasing. I wonder if I have diabetes? What more can I find out? What are other people doing to control it? Patient = Consumer Is this serious? Do I need a checkup? 32.43 24 Disagree 67.7 50 Agree Percentage Respondents
  • 6. Using an Online Consultation System for Self-Management
  • 7. PHI within the Healthcare Community Patient’s PHI stored as record by the hospital. PHI sent to lab Insurance company stores patient record Lab report sent to doctor Hospital MD gathers PHI from patient Invoice sent to patient’s healthcare insurance
  • 8. The New Healthcare Community Suppliers Providers Payers Employers Government Consumers Physicians Life Sciences
  • 9. Today’s Topics How is the role of messaging evolving within the healthcare community? What best practices should healthcare providers take to conform with regulations and plan for the future?
  • 10. Why Security and Privacy Policies Fail Rulings are ambiguous and untested Poor or no business processes Social engineering Wrong technology Right technology, poorly implemented No auditing Lack of user training Poor or no governance Rulings change Fraud “ Lost” PHI Local hard drives, cache, memory sticks, PDAs, smart phones, server storage, application data stores…
  • 11. Approach 1: Gateway 1) File uploads to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to the gateway and downloads file Often used for ad hoc relationships
  • 12. Approach 2: End-to-End, Gateway 1) File sent to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to gateway and downloads file Often used for ad hoc relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME …
  • 13. Approach 3: Gateway-to-Gateway Sender Recipient Sender’s gateway to recipient’s gateway Recipient Sender Often used for trusted relationships
  • 14. Approach 4: End-to-End, Gateway-to-Gateway Sender’s gateway to recipient’s gateway Often used for trusted relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME … Sender Recipient Recipient Sender
  • 15. Scenario: University with Teaching Hospital Administrative Policies Information Security Information Management Securing E-Mail University’s standards Technology options Employee responsibilities Security Risk assessment templates HIPAA assessment plan Sys Admin toolkits Governance board Chancellor’s Office School of Dentistry School of Medicine School of Nursing School of Pharmacy Medical Center – IT Medical Center – Non-IT Student Academic Affairs Information Security Officer Privacy Officer Training
  • 16. What You Need To Do Now – People and Business Engage legal counsel to interpret HIPAA regulations for your scenario. Conduct, and reinforce, employee training. Appoint a privacy officer (rule requires). Educate business partners on your PHI security and privacy policies.
  • 17. What You Need To Do Now – Technology Deploy secure e-mail technologies that fit the relationship model between sender and recipient. Simplicity at the user end is key for adoption. Develop secure e-mail frameworks that are extensible as healthcare community needs evolve. Budget for and carry out continuous vulnerability testing and security audits. HIPAA is designed to protect patient privacy. Architect security measures accordingly.
  • 18. For further information on this topic, contact Grey Consulting [email_address] 845.531.5050 www.grey-consulting.com making messaging and collaboration work