How it Works
It’s no secret that non-compliance can be costly, or even crippling to your business. Under HIPAA, healthcare organizations that fail to secure PHI against loss or unauthorized disclosure face fines of up to $250,000 per incident, while individuals responsible can face up to 10 years in prison for noncompliance. In addition to harsh financial penalties and criminal proceedings, violators are required by the Department of Health and Human Services to report their compliance breaches to affected parties, as well as to the media if a breach affects 500 or more individuals. Without question, the ensuing legal entanglements, reputation damage and financial cost of HIPAA violations threaten your business’s bottom line and may critically impair your organization’s ability to do future business.
Considering the prevalence of accessing, sending and receiving e-PHI via email, and the vulnerabilities of doing so, it is obvious that HIPAA’s call for safeguards extends to email security. Consequently, the Security Rule mandates that affected organizations implement appropriate policies and technical and physical safeguards for information systems that maintain e-PHI, including email, to ensure the security and confidentiality of e-PHI against loss or unauthorized disclosure. Specifically, HIPAA requires that affected organizations:
1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or
2. Identify and protect e-PHI against reasonably anticipated threats to the security or integrity of
3. Protect e-PHI against reasonably anticipated, impermissible uses or disclosures.
4. Ensure compliance by their workforce.