hipaa email encryption - information security - tulane university
DESCRIPTION
TRANSCRIPT
Tulane University and Health Sciences Center
HIPAA Email
Encryption
Leo Tran, Information Security Officer
Jeremy Pelegrin, Systems Engineer
Today’s speaker has stated that he has
nothing to disclose.Leo Tran, Information Security Officer
Jeremy Pelegrin, Systems EngineerTulane University Technology Services
§ 164.312(e) Technical safeguards
• (1) Standard: Transmission security. Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
• (2) Implementation specifications:• (ii) Encryption. Implement a mechanism to encrypt
electronic protected health information whenever deemed appropriate.
Note: Encrypt data during transmission (data in motion).
HIPAA Privacy Policy (GC-009)
• Emailing and Faxing Information
The staff of the Tulane University Health Care Component should not transmit protected health information over the Internet (including e-mail) and other unsecured networks unless it has been encrypted and password protected, and the Security Officer approves the process used.
HIPAA Security Policy (TS-42)
• Tulane University uses encryption to protect the confidentiality, integrity and availability of e-PHI during transmission over electronic communications networks. Tulane University protects “data in motion” by implementing a combination of solutions that includes Virtual Private Networks (VPNs), Secure Sockets Layer (SSL) and other encryption t echnologies where appropriate.
Email Encryption
• In January 2008, Tulane implemented a system for encrypting email called Ironport. It is an Internet Encryption Appliance used to encrypt email containing PHI (Private Health Information) traveling to email destinations outside of our Tulane firewalls.
• In July 2008, for encryption redundancy, Tulane purchased an additional Ironport system.
Email Encryption
1. Email Encryption to the outside world
2. Email Encryption within Tulane
Email Encryption to the outside world using
Ironport
Email Encryption to the outside world • Type the word Secure: at the subject line• It can be lowercase, uppercase or mixcase• It can be anywhere in the subject line
– Secure:– secure:– SECURE:– The Colon “:” is important.
Email Encryption to the outside world • Type the word Secure: at the subject line
Email Encryption to the outside world • For Microsoft Outlook, you can also set the message
sensitivity to Confidential
Email Encryption to the outside world Your client or patient will see a similar screen with an attachment named securedoc.html
Email Encryption to the outside world He/she needs to open the securedoc.html
Email Encryption to the outside world This screen will show if he/she is not a registered user
Email Encryption to the outside world He/she needs to register to read your encrypted email
Email Encryption to the outside world After registration he/she will receive a confirmation email
Email Encryption to the outside world From now on he/she can open encrypted email from you
Email Encryption to the outside world The system will tell you when your email is read
Email Encryption within Tulane
Email Encryption within TulaneFor Outlook Client 2007
Email Encryption within Tulane
Email Encryption within TulaneFor Outlook Client 2003
Email Encryption within TulaneFor Outlook Client 2003
Email Encryption within TulaneFor Outlook Client 2003
Email Encryption within TulaneOWA always encrypts using SSL
Email Encryption within TulaneBy default, email within Tulane for other clients such as Mac Mail,
Entourage or iPhone are encrypted with SSL.
Email Encryption
1. Email Encryption to the outside worldType Secure: at the subject
line2. Email Encryption within
Tulane
Resources …
HIPAA Compliance:• Web site http://tulane.edu/compliance• Privacy Official Glenda Folse 504-988-7739• Security Official Leo Tran 504-988-8514
Technology Services Help Desk:• On campus - Uptown: 8888 Downtown: 8-8888• Off-Campus - 1-866-276-1428
Email Encryption:• http://tulane.edu/compliance/training/trainingeducation.cfm
Email Encryption Resources…Configuring Microsoft Entourage 2008 (Mac)• http://d2.parature.com/ics/support/KBAnswer.asp?deptID=425
8&questionID=2135
Configuring Microsoft Entourage 2004 (Mac)• http://d2.parature.com/ics/support/default.asp?deptID=4258&t
ask=knowledge&questionID=1979