Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Protecting Health Care Privacy The U.S. Health Insurance Portability and Account

ID: 415486 • Letter: P

Question

Protecting Health Care Privacy

The U.S. Health Insurance Portability and Accountability Act (HIPAA) addresses (among other things) the privacy of health information. Its Title 2 regulates the use and disclosure of protected health information (PHI), such as billing services, by healthcare providers, insurance carriers, employers, and business associates

Email is often the best way for a hospital to communicate with off-site specialists and insurance carriers about a patient. Unfortunately, standard email is insecure. It allows eavesdropping, later retrieval of messages from unprotected backups, message modification before it is received, invasion of the sender’s privacy by providing access to information about the identity and location of the sending computer, and more. Since healthcare provider email often carries PHI, healthcare facilities must be sure their email systems meet HIPAA privacy and security requirements.

Children’s National Medical Center (CNMC) of Washington, D.C., “The Nation’s Children’s Hospital,” is especially aware of privacy concerns because all such concerns are heightened with children. CNMC did what many organizations do when faced with a specialized problem: rather than try to become specialists or hire specialists for whom the hospital has no long-term full-time need, it turned to a specialist firm.

CNMC chose Proofpoint of Sunnyvale, California, for its Security as a Service (SaaS) email privacy protection service. Matt Johnston, senior security analyst at CNMC, says that children are “the highest target for identity theft. A small kid’s record is worth its weight in gold on the black market. It’s not the doctor’s job to protect that information. It’s my job.”

Johnston explains that he likes several things about the Proofpoint service:

“I don’t have to worry about backups.” Proofpoint handles those.

“I don’t have to worry about if a server goes down. [If it was a CNMC server, I would have to] get my staff ramped up and bring up another server. Proofpoint does that for us. It’s one less headache.”

“We had a product in-house before. It required several servers which took a full FTE [full-time employee] just to manage this product. It took out too much time.”

“Spam has been on the rise. Since Proofpoint came in, we’ve seen a dramatic decrease in spam. It takes care of itself. The end user is given a digest daily.”

Email can be encrypted or not, according to rules that the end user need not be personally concerned with.

“Their tech support has been great.”

Proofpoint is not the only company that provides healthcare providers with email security services. LuxSci of Cambridge, Massachusetts, also offers HIPAA-compliant email hosting services, as do several other firms. They all provide the same basic features: user authentication, transmission security (encryption), logging, and audit. Software that runs on the provider’s computers can also deliver media control and backup. Software that runs on a user organization’s server necessarily relies on that organization to manage storage; for example, deleting messages from the server after four weeks as HIPAA requires.

As people become more aware of the privacy risks associated with standard email, the use of secure solutions such as these will undoubtedly become more common in the future.

Discussion Questions

1. What privacy concerns does transmitting healthcare information via email raise?

2. What requirement does HIPAA institute to safeguard patient privacy?

Critical Thinking Questions

1. Universities use email to communicate private information. For example, an instructor might send you an email explaining what you must do to raise your grade. The regulations about protecting that information under the Family Educational Rights and Privacy Act (FERPA) are not as strict as those under HIPAA. Do you think they should be as strict as HIPAA’s requirements? Why or why not?

2. How does Proofpoint safeguard patient privacy? Could Proofpoint do the same for university and corporate emails? Why or why not?

Explanation / Answer

Discussion questions

Even though standard email is the better there is an issue of eavesdropping, retrieval of emails from unprotected backup’s, message can be modified before even it is received, also does not safeguard sender’s privacy

To safeguard the privacy of the patient HIPAA regulates the use and disclosure of health information like, billing services, healthcare providers, insurance carriers, employers and business associates.

Critical thinking

Yes, it is better to be as strict as possible. Whether it’s HIPAA or FERPA both will have the privacy information and it becomes the duty to maintain the data security of any institute. When you are using the emails as a mode of communication it becomes very easy for the people to hack the information of people especially when it comes to FERPA it contains the information of the family members and a lot more information about them. Taking an example when an instructor sends an email explaining what needs to be done to enahance the grade, protecting that information from others is important. It is one’s personal information and others should not know. If somebody changes the information in the email even before it is received it may mislead the recipient. When the emails are being sent with these information it becomes extremely dangerous to lose out the data and it has to be restricted from a third party being viewed. Hence it is very important to be strict on managing the information.

I strongly believe all the universities and corporates should implement proof point facilities. Proof point provides security to email services. Since most of the organization’s institute strongly believe in email as the mode of communication. Especially when corporates deal with email on any information they cannot afford to lose out on the privacy data and if anything missed it becomes difficult for the company to stay in the market as well. If they implement proofpoint service it provides below services,

It protects you from SPAM

They provide emails encryption services which helps in preventing people to try modify the email data even before it reaches the recipient inbox.

Companies need not worry about server management. Even when the server goes down, proofpoint takes care of the server management

Proofpoint handles the backup

It ask for user authentication and also does the Audit by itself

Hence it is strongly suggested to have the organization’s institute to use proofpoint as a basic service

Related Questions

Propose possible structures consistent with each set of data. Assume each compou
Question #952338
Propose the effects of each of the following drug types on BOTH neural and muscl
Question #87928
Propose three hypotheses that are biochemical in nature. Genetic mutation, WITH
Question #213845
Propose who bears the financial risk of a capitation payment system: the provide
Question #2784010
Proposed Free Trade Areas - there are many proposals for establishing free trade
Question #1208755
Proposed Problem In this unit, you learn many concepts and techniques in Discret
Question #3009525
Proposed by Stephen Morris, Newbury, U. K., and Stan Wagon, Macalester College,
Question #3082103
Proposed investment in new machine $125,000 Cost of old machine (purchased 4 yea
Question #2712591
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Protecting Cash Osage Farm Supply had poor internal control over its cash transa
Next
Protecting Your Data from Data Breaches How should customers be informed of the

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.