HIPAA

Latest Discussion Posts

  • In the past we used a different email client.  It was known widely that it wasn't encrypted and therefore not secure, and it wasn't to be used at all for PHI.  (it still occasionally happened, but we re-trained when it did.)  The bigger thing that prevented ...

  • Agreed, since the business relationship is between the payer and auditor. However, if the BAA is with the payer and auditor, consider what are the provider clinic's rights in the event of a PHI breach by auditor. Are they governed solely by the BAA between ...

  • I would definitely institute a policy of password protecting attachments. That is just good practice. We had an email account that was hacked into in 2016 and all the attachments that were password protected where not effected by the hack, but many ...

  • Thank you ladies for the response! My concern is... people are potentially using PHI in attachments, that do not require an additional password to open.  We have already had at least one user ask in a group training session... How do I open an attachment?  ...

  • We use Google's G-Suite and we certainly email ePHI. We use encryption and password protect attachment. We have a BAA with Google and make use of the full suite of products including the Google Drive. All employees have 2 Factor Authentication for the ...

Announcements