General discussion


Internet Mail and HIPAA compliance

By uberg33k50 ·
I am trying to find opinions on whether the rules regarding email in the HIPAA regulations (sections 164.306(a)(1), (a)(2) and (a)(4)) indicate that an organization should restrict access to Internet mail by employees.

On the surface it appears to me that permitting access to Internet email would be a viloation because the organization has no way to track and ensure compliance. e.g, what is to stop an employee from transmitting PHI in a Hotmail account and if they did how could you know?

My thought is to block access to those accounts. Does anyone have an opinion as to whether that is reasonable or not?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Block away!

by NickNielsen In reply to Internet Mail and HIPAA c ...

...the organization has no way to track and ensure compliance.

Sounds eminently reasonable to me. My current client stictly controls Internet access and completely blocks internet mail for exactly that reason.

Collapse -

All Internet Mail Capable Sites

by Tig2 In reply to Internet Mail and HIPAA c ...

By HIPPA best practise should be blocked. There has even been discussion around whether ALL employees in an organisation need to have an email account.

Believe me, you will get a lot of flack for this move. Be ready with some new security training.

Another move that works well in conjunction is to disable USB Flash drives and synchronisation with any non issued devices- Blackberries, PDAs, etc as this is another way that your PHI information is capable of making it out of the organisation and into the wild. And of course, no document storage on the C: drive.

Collapse -

Thanks guys

by uberg33k50 In reply to All Internet Mail Capable ...

Thanks for the replies. I hve a meeting tomorrow morning with the President of the company. She wants to know why we think this is necessary. She is against it because she thinks it is aimed more at controling the staff than security.

Related Discussions

Related Forums