In order to protect the security of electronic protected health information (EPHI), all users of a health care facility’s computers must take precautions to prevent exposure of the EPHI to hackers or other entities that may exploit, damage or otherwise affect the integrity of the information. It is a common practice for doctors and other employees in a practice to use workplace computers to send and receive email messages. These messages may be of a personal or business nature and/or may contain patient information, such as images, x-rays, etc.
HIPAA requires that messages not containing EPHI be sent securely, to minimize the potential for email tracking or “contamination” with viruses or malware that may get past firewalls and security software. Free software, such as Gmail, Yahoo, AOL and others, is not secure and is vulnerable to hackers. It is possible to port email addresses from these providers through Outlook or other more secure email portals, such as a website, to minimize risks. Your IT support professional can assist you with this. Another issue with using Gmail, Yahoo and others as your business email is the lack of branding. In other words, if you are sending emails from your practice/business, the email should represent the practice, not Gmail. Your web domain should also be your email address. For example, our web domain is www.marygovoni.com, and our email addresses are email@example.com and firstname.lastname@example.org. Every time we send or receive emails, our “brand” or business name is utilized and is visible to potential clients. It should be the same for a dental practice. Your web hosting service can provide you with secure email that will provide the HIPAA-required security.
If you are sending email messages with EPHI (x-rays, etc.), those messages must be transmitted with a higher level of security. The reason for this in dentistry is not so much that the images or other information are so highly confidential. The key reason is that when images or attachments are sent with unencrypted emails, there is a traceable electronic pathway from that message/attachment back to the server where those messages are stored. This opens a portal for a security breach. There are many cost-effective encryption services available for dental practices, including some that will integrate directly into your practice management software. The chief complaint that we hear about using encryption is that “it takes so much longer” to send and receive encrypted messages. It really doesn’t take a great deal more time once the encryption service is installed and set up; it’s all about the perception and having to establish a new habit. Security breaches are increasing in frequency in health care and can be very costly to a practice. IT professionals estimate that the average cost of a security breach from is approximately $100,000. Not to mention that this would create a very negative opinion of the practice for patients and perhaps a sense of distrust and resentment for not protecting their information.
If you have questions about secure email or encrypted email, contact Mary or Tyler at the above email addresses. We are happy to help with product and service recommendations.