HIPAA Compliance When Transmitting Digital Files

Sending patient information via email, while it’s not a violation, it is a violation if reasonable precautions are not taken, and then the email is intercepted or read by someone without authorized access.
 

Solutions to potential email violations:

• Use encryptions for your emails.

• Double check that whomever that you are sending the email to is supposed to be receiving the email.

• Use a secure server, and verify that the recipient has a secure server.

• Make sure every device has some passcode or authentication log on.

• Install encryptions and enable personal firewalls and security software.

• Texting patient information is often desirable because patient data and images can be sent quickly. The convenience is substantially outweighed by the potential risk of exposing PHI to cybercriminals who could easily access this information, not to mention the casual observer seeing the protected data.

• They could be sent to the wrong number, forwarded by the intended recipient or intercepted while in transit.

• Copies of SMS and IM messages also remain on service providers´ servers indefinitely.

Solutions to potential texting violations.

• If you need to use texting for instantaneous communication, it can be done with relative assurance that the data is safe and you are in compliance. To safely use texting you would need to use an encryption program that allows confidential information to be safely texted, but both parties must have it installed on their wireless device, which is typically not the case.

• Data transmitted beyond an organization's internal firewall should be encrypted to make it unusable if it is intercepted in transit.

• Confirm the fax number - faxing PHI accidentally to the wrong fax number is a violation. 

• You may only fax data to a covered entity or a business associate that has an active business associates agreement.

• Here is the tricky part; you have to have assurances that the information is received in a secure location, by covered individuals. If you fax to a machine in an open area that is accessible to individuals that are not covered it is a possible violation.

Solutions to potential faxing violations.

• Do not allow faxes to sit on public available fax machines.

• Consider switching to a HIPAA compliant cloud fax service.

  T38 Fax over IP, a HIPAA-compliant fax service that uses encryption for secure, real-time transmissions with page-by-page confirmation.

• Always use a cover page, to protect PHI from being exposed to people that should not see it. 
• Keep an audit trail of all PHI that is transmitted.

• The Burbank Dental Lab Portal is secure and HIPAA compliant.

• Allows the uploading of large high-res image files, .pdf documents, text documents, and .stl files.

• Additional benefits of the Burbank Dental Lab portal is case status tracking, tracking of shipments, account information, and bill paying.