HIPAA Email and Data Privacy for Dental Practices


Are you in violation of HIPAA?

If you email appointments, other case-related information, test results, or other treatment information to patients from an account at any of the non-HIPAA-compliant email services (see "List of non-HIPAA Compliant email services" on this page), then the answer is yes, you are.


Are you sending Protected Health Information (PHI) using free email services like Gmail, Yahoo, Hotmail, or AOL? From Internet service providers such as AT&T or Verizon? How about reputable web hosting companies like GoDaddy or 1&1? Most consumer email providers will not sign a Business Associate Agreement and make no HIPAA-specific security commitments: the provider can read and scan your mail, and mail sent without encryption can be intercepted in transit. You can be fined up to $1.5 million per year during an audit!


If your practice is a covered entity under HIPAA, emailing a patient or emailing patient information involves both the HIPAA Privacy and Security rules. The content of the email, including the patient’s email address, constitutes protected health information (PHI).

What is the financial impact of HIPAA violations?

Violation                                                  Penalty
Unaware of the violation                                   Up to $50,000 per violation, up to $1.5 million total per year
Reasonable cause, not willful neglect                      Up to $50,000 per violation, up to $1.5 million total per year
Willful neglect, corrected within the allowed timeframe    Up to $50,000 per violation, up to $1.5 million total per year
Willful neglect, left uncorrected                          $50,000 per violation, up to $1.5 million total per year

The $1.5 million cap applies per calendar year to violations of the same provision.

Issues with traditional email

  • They are not HIPAA compliant: the provider will not sign a Business Associate Agreement for a consumer account.
  • Your data can be accessed and scanned by the provider: "Email users and their contacts should have no reasonable expectation that their correspondences will not be scanned for the purpose of targeting advertising".
  • You have no contractual guarantee that your data is safe, secure, and always available.
  • Having @yahoo.com, @aol.com, etc. after your name looks old-fashioned and unprofessional. Image and branding matter.
  • A free email account is free because you are the product. When you signed up, you agreed to the provider's terms of service, and those terms give the provider the right to access or scan your email.
  • Email accounts bundled with your website hosting (for example, GoDaddy email) have the same problem.
  • Storage quotas are small, so you may lose older email down the line.
  • Some of these email configurations do not work on mobile phones.

Microsoft Outlook or Outlook Express: the issue is that everything is tied to the computer running Outlook, because the mail is downloaded and stored locally. You can't see the same mailbox from another computer unless you install and configure Outlook there too. Note that the desktop client by itself does not make your email compliant or non-compliant; what matters is where the mail is stored and who operates the mail server.

List of non-HIPAA Compliant email services

To maintain a secure environment, monitor outbound email and keep track of every message employees send to or from consumer accounts such as Gmail or Yahoo. The information gathered is an input to your risk analysis. Here is a list of non-HIPAA-compliant email services:

  • gmail.com
  • hotmail.com
  • live.com
  • yahoo.com
  • aol.com
  • aim.com
  • charter.net
  • sbcglobal.net
  • verizon.net
  • att.net
  • cox.net
  • rr.com
  • comcast.net
  • grandecom.net
  • msn.com
  • ymail.com
  • me.com
  • gmx.com
  • gmx.us
  • mail.com
  • inbox.com
  • lycos.com
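These are consumer-account domains; a Google Apps for Work mailbox on your own domain under a BAA is a separate case, covered in the next section. The monitoring described above can be automated. The following is an added example, not code from this page or from any of the sources it cites: it takes a list of outbound message records (sender plus recipients, as you would export from a mail server or gateway), flags any message whose sender or recipient is on the list above, including subdomains such as mail.yahoo.com, and totals the flagged messages per sender for the risk analysis. The sample records and the practice domain smilecare.example are constructed for the example.

```python
"""Flag email traffic that touches consumer (non-BAA) mail domains.

Added example for this page, not from any cited source. Assumes outbound
mail metadata is available as one record per message with a sender and a
list of recipients. SAMPLE_RECORDS and the domain 'smilecare.example'
are constructed for illustration.
"""
import re
from collections import Counter

# Consumer mail domains from the list on this page. None of these
# providers will sign a Business Associate Agreement for a free account.
NON_COMPLIANT_DOMAINS = frozenset({
    "gmail.com", "hotmail.com", "live.com", "yahoo.com", "aol.com",
    "aim.com", "charter.net", "sbcglobal.net", "verizon.net", "att.net",
    "cox.net", "rr.com", "comcast.net", "grandecom.net", "msn.com",
    "ymail.com", "me.com", "gmx.com", "gmx.us", "mail.com", "inbox.com",
    "lycos.com",
})

# Extracts the address from either "Name <user@host>" or a bare "user@host".
_ADDR_RE = re.compile(r"<?([^<>\s,]+@[^<>\s,]+)>?")

def bare_address(address: str) -> str:
    """Return the lowercased user@host part of an address, dropping any display name."""
    m = _ADDR_RE.search(address)
    if not m:
        raise ValueError(f"not an email address: {address!r}")
    return m.group(1).lower().rstrip(".")

def address_domain(address: str) -> str:
    """Return the lowercased domain of an address."""
    return bare_address(address).rsplit("@", 1)[1]

def is_non_compliant(address: str) -> bool:
    """True if the address is on a listed consumer domain or a subdomain of one.

    Matching is by DNS label suffix, so 'user@mail.yahoo.com' is flagged
    but 'user@notgmail.com' is not.
    """
    labels = address_domain(address).split(".")
    return any(".".join(labels[i:]) in NON_COMPLIANT_DOMAINS
               for i in range(len(labels)))

def flag_messages(records):
    """Yield (message_id, reason, addresses) for each record whose sender
    or any recipient uses a consumer domain. A message may yield twice."""
    for rec in records:
        if is_non_compliant(rec["from"]):
            yield rec["id"], "sent from consumer account", [rec["from"]]
        bad_recipients = [r for r in rec["to"] if is_non_compliant(r)]
        if bad_recipients:
            yield rec["id"], "sent to consumer account", bad_recipients

def per_sender_report(records) -> dict:
    """Count flagged messages per sending address (input to the risk analysis)."""
    counts = Counter()
    for rec in records:
        if next(flag_messages([rec]), None) is not None:
            counts[bare_address(rec["from"])] += 1
    return dict(counts)

# Constructed sample export; not real traffic.
SAMPLE_RECORDS = [
    {"id": "m1", "from": "Front Desk <frontdesk@smilecare.example>",
     "to": ["records@smilecare.example"]},
    {"id": "m2", "from": "frontdesk@smilecare.example",
     "to": ["dr.jones@GMAIL.com"]},             # records forwarded to a personal Gmail
    {"id": "m3", "from": "hygienist@yahoo.com",
     "to": ["billing@smilecare.example"]},      # staff working from a consumer account
    {"id": "m4", "from": "office@smilecare.example",
     "to": ["lab@dentallab.example", "Pat <pat@mail.yahoo.com>"]},
]

if __name__ == "__main__":
    for msg_id, reason, addrs in flag_messages(SAMPLE_RECORDS):
        print(f"{msg_id}: {reason}: {', '.join(addrs)}")
    print(per_sender_report(SAMPLE_RECORDS))
```

Treat the two reasons differently when you review the output. A message sent from a consumer account is direct evidence of the problem this page describes. A message sent to a consumer domain is a review item rather than an automatic violation: a staff member forwarding records to a personal Gmail account is a different situation from a patient who has asked to be contacted at a Gmail address.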

HIPAA compliance with Google Apps

Ensuring that our customers' data is safe, secure and always available to them is one of our top priorities. To demonstrate our compliance with security standards in the industry, Google has sought and received security certifications such as ISO 27001 certification and SOC 2 and SOC 3 Type II audits. For customers who are subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA), Google Apps can also support HIPAA compliance.

Under HIPAA, certain information about a person’s health or health care services is classified as Protected Health Information (PHI). Google Apps customers who are subject to HIPAA and wish to use Google Apps with PHI must sign a Business Associate Agreement (BAA) with Google.

Administrators for Google Apps for Work, Education, Government, and Google Apps Unlimited domains can request a BAA before using Google services with PHI. Google offers a BAA covering Gmail, Google Calendar, Google Drive (including Docs, Sheets, Slides, and Forms), Google Sites, and Google Apps Vault services.

Google Apps customers are responsible for determining whether they are subject to HIPAA requirements and whether they use or intend to use Google services in connection with PHI. Customers who have not entered into a BAA with Google must not use Google services in connection with PHI.

We have published our Google Apps HIPAA Implementation Guide to help customers understand how to organize data on Google services when handling PHI. This guide is intended for employees in organizations who are responsible for HIPAA implementation and compliance with Google Apps.

What if your business uses a Gmail, Yahoo, or other generic email address?

We can help fix that problem!

Let Seowebpower help you get rid of your generic Gmail, Yahoo, or AOL email address and get a HIPAA-compliant email account.


Sources: 
http://www.hitec-med.com/Office-Technology/dental-office-technology-hipaa-complaince
http://www.hipaapractice.com/blog/public-email-usage-in-healthcare
http://help.secure-messaging.com/docs/Secure_Messaging_Dental_White_Paper.pdf




