• E-mail
• Print
• RSS

Ask the right questions

HIPAA Training Advisor, January 11, 2006

Ask the right questions

Encryption is important for transmitting ePHI, particularly for high-risk situations such as sending it over the Internet, according to CMS. "As business practices and technology change, situations may arise where ePHI being transmitted from a covered entity would be at significant risk of being accessed by unauthorized entities." When a risk analysis shows significant risk, the CE must use encryption. To determine the need for encryption, ask yourself the following questions:

• How does your organization transmit ePHI?
  
  
• Based on your risk analysis, is encryption needed to protect ePHI during transmission?
  
  
• How often does your organization transmit ePHI?
  
  
• What methods of encryption will your organization use to protect the transmission of ePHI?

Develop a policy that takes into account all variables, says Farmington Hills, MI-based attorney William M. Brodhead. "And if encryption is an easy, cheap, and practical solution, use it." But keep in mind what's most important: the care and welfare of the patient, he says. Use common sense and take reasonable and appropriate steps to protect patients' information.

Editor's note: Adapted from "Factor risk, cost when choosing encryption solution," Briefings on HIPAA, December 2005.

• E-mail to a Colleague
• Print
• RSS
• Archive