HIPAA in the Contact Center: PHI and Encryption - Startel Corp. - ContactCenterWorld.com Blog
To ensure that your organization and your clients are acting in accordance with the HIPAA Security Rule as it relates to ENCRYPTION of ePHI, I did some extensive research and found a resource written by the American Medical Association titled “HIPAA Security Rule: Frequently asked questions regarding encryption of personal health information.” The document addresses a number of questions raised by physicians and other health care professionals as well as other HIPAA-covered entities and business associates. Consider the points below as they relate to your use of ePHI:
To Begin With, What Information Should You Encrypt?
Any systems and individual files containing PHI/ePHI should be encrypted. Examples include electronic medical records, claims payment appeals, scanned images, emails containing ePHI, etc.
Emails containing ePHI. If you or your clients (physicians) correspond with health insurers or other health care professionals via email, and those emails contain ePHI but are sent without encryption, then you could be accused of failing to protect ePHI for which you are responsible.
Encrypt all devices containing ePHI. Passwords are not enough, especially if a hard drive is removed from a laptop containing ePHI. All devices that contain ePHI, including laptops, PCs, smartphones and tablets, need encryption technology, preferably “whole disk encryption” technology.
If ePHI is accessed via the Internet, encrypt those sessions. Traffic that crosses the public Internet can be observed in transit, so check with your Web service provider to ensure that any PHI travelling across the Internet is protected by Secure Sockets Layer (SSL) or similar technology.
Encrypt any other remote access sessions. If physicians or staff connect to the home office remotely to read email or access other resources containing ePHI, that access is exposed to unauthorized snooping unless it is protected. It is important that these sessions be conducted over encrypted tunnels, or VPNs.
What Happens If a Security Breach Occurs at an Organization That Uses Encryption Technology?
If the ePHI is stored and transmitted in encrypted form, then you do not need to notify patients. This exception applies only to HIPAA-covered entities and business associates that use encryption technologies that render ePHI unusable, unreadable, or indecipherable to unauthorized individuals.
How do Startel’s Solutions Help Organizations Protect ePHI?
Businesses that handle sensitive information are not only morally obligated to protect the sensitive, private and personal information of their clients; they are legally obligated to do so. Startel’s Encrypted Email Service enables compliance with HIPAA by using the Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption protocol. This protocol converts email messages from readable plaintext into scrambled ciphertext. Only the recipient holding the private key that matches the public key used to encrypt the message can decipher it. If someone intercepts the message without access to that private key, the email appears only as garbled text.
The private and public keys are the means for both encoding and decoding email messages. Essentially, the unique private/public key pair acts as a distinctive digital signature bound to a particular email address.
In addition, the Startel Encrypted Email Service encrypts messages using the Advanced Encryption Standard (AES) with a 128-bit block size. This level of cryptography keeps every encrypted message secure. A brute-force attempt to “break” a message secured with 128-bit encryption would take billions of years to try every possible combination.
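The following Go program is an added illustration of the envelope mechanism described above, not Startel’s code: a fresh AES-128 content key scrambles the message body, the recipient’s RSA public key wraps that content key, and only the matching private key can open the result. The function names, the RSA-OAEP and AES-GCM choices, and the 2048-bit key size are assumptions made for this demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

var nonce = make([]byte, 12) // fixed nonce is safe: each content key encrypts exactly one message
// NewRecipientKey creates the recipient's private/public key pair (2048-bit RSA, assumed size).
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal mirrors an S/MIME enveloped message: the body is encrypted with a fresh AES-128
// content key, and that key is wrapped with the recipient's RSA public key (OAEP).
func Seal(pub *rsa.PublicKey, plaintext []byte) (wrappedKey, ciphertext []byte, err error) {
	contentKey := make([]byte, 16) // 16 bytes = AES-128
	if _, err = rand.Read(contentKey); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, nil, err
	}
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, contentKey, nil)
	if err != nil {
		return nil, nil, err
	}
	return wrappedKey, gcm.Seal(nil, nonce, plaintext, nil), nil // body plus GCM integrity tag
}

// Open recovers the body with the matching private key; any other key fails to unwrap it.
func Open(priv *rsa.PrivateKey, wrappedKey, ciphertext []byte) ([]byte, error) {
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedKey, nil)
	if err != nil {
		return nil, err // rsa.ErrDecryption: this private key does not match the envelope
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, nil) // also fails if the ciphertext was altered
}
```

An interceptor holding a different private key gets an error from Open rather than the message, and the GCM tag also rejects any ciphertext that was modified in transit.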
Users of Startel’s Encrypted Email Service have peace of mind knowing that their messages remain secure and private during transmission and storage.
In my third blog post on this topic, I will address how Startel’s Secure Messaging application handles ePHI and, specifically, how it complies with HIPAA.
Publish Date: July 10, 2013 5:00 AM