Healthcare Encryption Exceptions? – Rickard & Associates

We know that all emails and text messages that contain protected health information (PHI) should be encrypted.

Are there any exceptions to the encryption rule?

Just one.

Patients can communicate with covered entities using unencrypted email and text messages, if the patients have been informed of the increased risk.

Patients can opt to have reminders sent via text messages or emails.

One issue many healthcare providers have with encryption is failing to recognize all of the information that qualifies as PHI. PHI is an incredibly broad classification that includes much more than just a patient’s name, address, or Social Security number.

Another issue healthcare providers must face is the overlabeling of portals, storage, and services as “HIPAA compliant.”

While some of these services are HIPAA compliant, some are not, and it is the covered entity’s job to do its due diligence.

While encryption is an addressable implementation specification, it is an incredibly useful tool for healthcare providers and can greatly reduce penalties in the event of a breach.

Healthcare entities should perform routine and thorough risk assessments to check for areas of vulnerability.

If you need help updating your compliance plan, auditing, or training staff, contact us today.

Do you need help updating your Business Associate Agreement or negotiating contracts with third-party vendors? We can help. To contact us about your Business Associate Agreement, your vendor contracts or your other legal needs, call us today.