HIPAA Q&A: Encryption
Q. Would a covered entity or business associate be in violation of the HIPAA Security Rule if it sends PHI in unencrypted e-mails to an e-mail address within the same domain using a Microsoft Exchange™ server behind the organization’s firewall?
A. No. PHI can be sent unencrypted within what is called a closed network. A network that is internal to the organization and protected by a firewall is considered a closed network. If the firewall is breached and unencrypted PHI is accessed, that would be considered a breach of unsecure PHI and breach notification requirements would apply.
Medical Equipment, Oxygen, C-Pap, Scrubs, Scooters
No comments:
Post a Comment