The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Any organization that handles protected health information (PHI) must ensure that all required physical, network, and process security measures are in place and followed. That requirement extends to email: any email system used to send or store PHI must be HIPAA compliant.
Organizations subject to HIPAA include Covered Entities (anyone who provides treatment, payment, or operations in healthcare) and Business Associates (anyone who has access to patient information and provides support for treatment, payment, or operations). For both, HIPAA compliant email needs to be built into the choice and configuration of the email service provider, not added as an afterthought.
Subcontractors, that is, business associates of business associates, must also be in compliance.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule uses the term Protected Health Information (PHI) to define the type of patient information that is protected by law. Knowing what counts as PHI is a central factor in HIPAA compliance.
PHI is any information that can reasonably be used to identify an individual and is used during the course of their care. This includes common identifiers and basic personal information such as their: