How HIPAA and Email Encryption work together
Healthcare is a necessary evil in most Americans' lives - if you're lucky enough to have it. With the possibility of mandatory national healthcare on the horizon, it is imperative for IT departments and healthcare professionals alike to be aware of the link between HIPAA and email encryption.
Need for HIPAA
The Health Insurance Portability and Accountability Act is a compliance standard designed to protect information held by healthcare providers and hospitals from being stolen, sold or tampered with. If you have health insurance or have ever been to a hospital, the information you provided, such as your social security number, date of birth and credit card number, is stored in a database along with thousands of other people's information. Since most hospitals, clinics and physicians communicate through physical mail, sensitive information like insurance plan details is highly susceptible to tampering. The exposure of this information only highlights the need for additional security.
HIPAA encryption, a standard of compliance, requires that communication containing PHI (Protected Health Information) be protected through encryption, archiving and indexing, and be made tamper proof, so that the records remain available on request. For sensitive content delivered via email, there is a readily available solution. Malicious parties cannot read encrypted messages, i.e. messages that have been transformed into "cipher-text". After the message leaves the sender's outbox, its text is altered so that it is unreadable in transit. The text is later decrypted, or changed back to the original message, when the recipient receives it.
HIPAA compliance is mandatory for healthcare providers and hospitals, and is necessary to ensure both the security and the privacy of the individual. HIPAA demands that messages containing PHI are protected when sent over untrusted links. It also demands safeguards in practice: hardening systems against intrusion and authenticating clients, so that PHI does not fall into malicious hands. Healthcare providers failing to protect data may be penalized up to $25,000 for every failure. Deliberate leaks may lead to harsher penalties, with fines ranging between $250,000 to $1,00,000 as well as potential jail time. Although the legislation does not specify the exact level of encryption, the minimum requirement is that PHI data must be made unreadable to attackers.
It is easier to meet HIPAA encryption requirements now
Initially, it was difficult for internal IT departments to encrypt email at the level necessary to satisfy HIPAA compliance. Now vendors offer solutions that satisfy HIPAA compliance in a cost-effective manner. Given the availability and skill of IT consultants today, it makes sense to consider IT companies as a viable answer to the compliance problem.