Home

  • Home
    • » e-Newsletters

Reinforce e-mail security during training

HIPAA Training Advisor, October 16, 2008

All the tokens, keys, and passwords in the world won’t fully secure Internet-based e-mail services at your facility, says William M. Miaoulis, CISA, CISM, manager of HIPAA security services at Phoenix Health Systems in Dallas.
 
So minimize your facility’s risk of exposing PHI through e-mail by teaching staff members what PHI includes and when and how it is appropriate to send it via e-mail, says Miaoulis.
 
Remind them to sign off Web-based e-mail services when they are finished using them.
 
“There is no such thing as perfect security, but you can take the appropriate actions based on the risks and make the appropriate decisions,” says Wayne Haber, director of architecture at SecureWorks, headquartered in Atlanta. He recommends the following measures:
  • Use strong authentication with Webmail to ensure that the employee is who he or she purports to be
  • Use up-to-date mail software, such as Microsoft Exchange
  • Employ technology on your servers and your clients’ servers to ensure that Web browsers update automatically and run the most recent browser software, whether from Microsoft, Mozilla, Apple, or another company
  • Remind users to adjust the settings on their laptop and home computers to update software automatically
Teach staff members to be aware of the type of information they send via e-mail and to report receipt of any seemingly inappropriate e-mails immediately.
 
Your patients already trust in the care you provide. They should be able to similarly trust your ability to keep their information secure.

Most Popular