EMAIL ENCRYPTION: Emails that contain protected health information must be encrypted to ensure they are transmitted securely. The HIPAA Compliance Office has created the following guidance for your convenience: Email Encryption Explained
SECURING YOUR PERSONAL DEVICE: ETSU Faculty, Staff and Students that use personal devices to access, create, receive, maintain or transmit protected health information should ensure their personal devices are adequately secured. When a security incident occurs, whether or not your device is encrypted determines whether or not the security incident is reportable to the Office of Civil Rights. The HIPAA Compliance Office has created the following guidance for your convenience: How to Secure Your Personal Devices
As always, anytime a device that accesses, creates, receives, maintains or transmits protected health information is lost or stolen, the incident should be immediately reported to the ETSU HIPAA Compliance Office and ETSU ITS so that appropriate action can be taken to mitigate the risk of harm to our patients' health information.
BUSINESS ASSOCIATES: Guidance on HIPAA & Business Associates
U.S. Department of Health & Human Services: http://www.hhs.gov/hipaa/
HIPAA Administrative Simplification Text of Combined Rules: http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf