There is a wide body of people that believe they are sending information private because they are sending using Microsoft Office 365, Gmail, or using a third-party service that sends all messages using transmission layer security.
With the recent media focus on cybersecurity, whether it is talk of Russian hackers scheming to influence US presidential elections, or the pervasive pressure to comply with GDPR or HIPAA (healthcare privacy regulations) or other consumer data privacy requirements, “encryption” is one of the solutions that is often introduced.
Many, many software service sales professionals throw around security phrases to make cyber security sound simple. Today, as technologies advance and threats get ever more sophisticated, encrypting email for privacy compliance is not getting simpler. The devil (hacker) is in the details.
Habits are often hard to break. Some professional offices, particularly in the health care sector, when there is a need to send something private, send by fax. Their belief is, if they send by fax, the transmission is secure and private (HIPAA compliant).
As consumer awareness of data privacy issues increases, companies that don’t take their clients’ data privacy seriously are getting hit harder and harder. In healthcare, a Florida healthcare provider paid a $5.5 million fine (a HIPAA record) earlier this year for allowing more than 115,000 patient records to be improperly accessed and disclosed. Last year, Ashley Madison paid almost $1.6 million to settle charges related to Federal Trade Commission (FTC) enforcement of data privacy laws, after the online “cheating” site’s virtually non-existent cybersecurity practices allowed the compromise of all its 36 million users worldwide.
Email encryption is one of the strongest defenses that an organization can implement against data breaches brought on by the improper disclosure or distribution of medical records or protected health information (PHI). But without written policies and procedures governing the use of encryption services, these efforts mean next to nothing in the eyes of HIPAA auditors who have been redoubling their efforts to investigate non-compliance across the health care industry.
Small business are not ‘under the radar’ of government enforcement for HIPAA privacy and security rules. Not only is the government issuing meaningful fines to small businesses for non-compliance with these data privacy rules, they are explicitly stating that regardless of the size of the firm, whether a small physician’s office or insurance broker, they will hold everyone accountable.
Importance of HIPAA Compliant for Electronic Signatures in Standardizing Electronic Health Care Transactions
RE: Required Patient and Beneficiary Authorizations, Notices and Acknowledgments
Unlock Permitted Cost Savings and Time Efficiencies
People often view HIPAA as a burden – heightened regulatory enforcement related to data protection and privacy. It is. However, most overlook the efficiencies that HIPAA permits.
The following article, written by Jon Neidiz, a partner in Nelson Mullins Riley & Scarborough’s Atlanta office and co-leader of the Firm’s Information Management Practice, is a useful short summary for those considering HIPAA privacy issues in the context of email – and RMail’s email encryption service. Key to using email encryption for compliance with regulations is ensuring that the sender organization has an auditable proof record of compliance – the focus of RMail’s email encryption service that is accomplished by return Registered Receipt™ email to the sender’s organization. Neiditz’s article follows:
