OSHA & HIPAA Compliance Made Easy
OSHA & HIPAA Compliance Made Easy
With 25+ years of OSHA experience and one of the nation's only Certified HIPAA Professionals, Smart Training makes compliance not only manageable but easy! We want to address your concerns, so comment and have your questions answered by the experts!
Smart Training

WHAT ABOUT ENCRYPTED EMAIL? Part II

WHAT ABOUT ENCRYPTED EMAIL? Part II

1/29/2018 3:18:42 PM   |   Comments: 0   |   Views: 85
HIPAA requires both Covered Entities and Business Associates to retain past email communications containing ePHI. The retention period is 6 years. For any healthcare organization, no matter the size of the practice, storing 6 years of emails and attachments requires considerable storage space. Consider using a secure, encrypted email archiving service rather than email backups.

An email archiving service will free up needed hard drive storage space and save time as well. Since an email archive is indexed, searching for emails is a quick and easy process. If emails must be produced for legal purposes or for a compliance audit, they can be quickly and easily retrieved.
 
Any provider of an email archiving service will also be a Business Associate and therefore subject to HIPAA Rules. A Business Associate Agreement will be required between your office and the archive service provider. The BAA should incorporate reasonable assurances that the service will train their staff on patient privacy and abide by HIPAA requirements concerning the information they store for your office.
 
From time to time, you may find it convenient to send emails containing ePHI to patients. Remember, however, that consent to use email as a communication method typically must be obtained from the patient in writing before any ePHI is sent via email, even if a HIPAA compliant email provider is used.  Patients must be advised that there are risks to the confidentiality of information sent via email. If they are prepared to accept the risks, emails containing ePHI can be sent without violating HIPAA Rules. Up-to-date Notices of Privacy Policies should offer this information to patients, and signed acknowledgments of receipt should be in the patient’s chart before an email is sent.
 
If you are unsure of the requirements of HIPAA with respect to email, we recommend that you contact our Certified HIPAA Professionals. As with most issues regarding patient privacy, a little information can go a long way toward staving off disaster.

Check out part one of this series. Click Here.
More Like This

Total Blog Activity

769
Total Bloggers
7,905
Total Blog Posts
2,962
Total Podcasts
1,297
Total Videos

Sponsors

Townie Perks

Townie® Poll

Do you allow parents into the operatory?
  

Site Help

Sally Gross, Member Services
Phone: +1-480-445-9710
Email: sally@farranmedia.com

Follow Dentaltown

Mobile App

WITH DENTALTOWN . . . NO DENTIST WILL EVER HAVE TO PRACTICE SOLO AGAIN®

WWW.DENTALTOWN.COM - WHERE THE DENTAL COMMUNITY LIVES®

9633 S. 48th Street Suite 200 • Phoenix, AZ 85044 · Phone: +1-480-598-0001 · Fax: +1-480-598-3450
©1999-2019 Dentaltown, L.L.C., a division of Farran Media, L.L.C. · All Rights Reserved