Health Information Management

Ask the expert: What level of security is necessary to comply with HIPAA when transmitting patient information electronically (i.e., via the Web, through e-mail, etc.)?

HIM-HIPAA Insider, December 4, 2007

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

A: It depends on the method used to send the patient information. An organization that transmits the information within its network can send it "clear text" (unencrypted).

The organization may choose the level of security it wishes to apply. The same is true for data transmitted via fax-person-to-person versus computer-to-computer-or sent over direct connections. The answer changes if the organization is sending protected health information (PHI) over an open network (the Internet). Encryption is necessary when organizations send PHI over the Internet or a wireless network.

Different methods of data encryption exist for various communication methods (e.g., secure Web, virtual private network, secure e-mail, etc.). But the bottom line is that encryption is required, and the level of encryption should be at least 128-bit encryption (this represents the strength of the encryption algorithm used). Higher levels of encryption are recommended and readily available.

The organization's rules for remote access and transmission of PHI over the Internet are as important as its encryption of PHI. It is highly advisable to train all remote users to exercise caution and to be aware of their actions and their surroundings. For example, remote users should avoid working with PHI-even when transmitting data securely via a wireless network-if they are in a public setting where a passerby could see PHI displayed on a computer screen.

This Q&A was adapted from the December 2007 issue of Briefings on HIPAA. For more information, visit

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular