EMAIL ENCRYPTION: Emails that contain protected health information must be encrypted to ensure they are transmitted securely. The HIPAA Compliance Office has created the following guidance for your convenience: Email Encryption Explained
PHISHING EMAILS: Phishing email attacks put the protected health information that ETSU Faculty, Staff and Students communicate via encrypted email at risk. The HIPAA Compliance Office has created the following guidance for your convenience: Protect Patient Information & Minimize Risk to PHI in your ETSU Email Mailbox
SECURING YOUR PERSONAL DEVICE: ETSU Faculty, Staff and Students who use personal devices to access, create, receive, maintain or transmit protected health information should ensure their personal devices are adequately secured. When a security incident occurs, whether or not your device is encrypted determines whether or not the security incident is reportable to the Office of Civil Rights. The HIPAA Compliance Office has created the following guidance for your convenience: How to Secure Your Personal Devices
As always, any time a device that accesses, creates, receives, maintains or transmits protected health information is lost or stolen, the incident should be immediately reported to the ETSU HIPAA Compliance Office and ETSU ITS so that appropriate action can be taken to mitigate the risk of harm to our patients' health information.
BUSINESS ASSOCIATES: Guidance on HIPAA & Business Associates
U.S. Department of Health & Human Services: http://www.hhs.gov/hipaa/
HIPAA Administrative Simplification Text of Combined Rules: http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf