+ All Categories
Home > Documents > HIPAA Email Encryption - Information Security - Tulane University

HIPAA Email Encryption - Information Security - Tulane University

Date post: 29-Nov-2014
Category:

Documents
Upload: techdude
View: 1,342 times
Download: 5 times
Download Report this document
Share this document with a friend
Description:
 
29
Tulane University and Health Sciences Center HIPAA Email Encryption Leo Tran, Information Security Officer
Transcript
Page 1: HIPAA Email Encryption - Information Security - Tulane University

Tulane University and Health Sciences Center

HIPAA Email

Encryption

Leo Tran, Information Security Officer

Jeremy Pelegrin, Systems Engineer

Page 2: HIPAA Email Encryption - Information Security - Tulane University

Today’s speaker has stated that he has

nothing to disclose.Leo Tran, Information Security Officer

Jeremy Pelegrin, Systems EngineerTulane University Technology Services

Page 3: HIPAA Email Encryption - Information Security - Tulane University

§ 164.312(e) Technical safeguards

• (1) Standard: Transmission security. Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

• (2) Implementation specifications:• (ii) Encryption. Implement a mechanism to encrypt

electronic protected health information whenever deemed appropriate.

Note: Encrypt data during transmission (data in motion).

Page 4: HIPAA Email Encryption - Information Security - Tulane University

HIPAA Privacy Policy (GC-009)

• Emailing and Faxing Information

The staff of the Tulane University Health Care Component should not transmit protected health information over the Internet (including e-mail) and other unsecured networks unless it has been encrypted and password protected, and the Security Officer approves the process used.

Page 5: HIPAA Email Encryption - Information Security - Tulane University

HIPAA Security Policy (TS-42)

• Tulane University uses encryption to protect the confidentiality, integrity and availability of e-PHI during transmission over electronic communications networks. Tulane University protects “data in motion” by implementing a combination of solutions that includes Virtual Private Networks (VPNs), Secure Sockets Layer (SSL) and other encryption t echnologies where appropriate.

Page 6: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption

• In January 2008, Tulane implemented a system for encrypting email called Ironport. It is an Internet Encryption Appliance used to encrypt email containing PHI (Private Health Information) traveling to email destinations outside of our Tulane firewalls.

• In July 2008, for encryption redundancy, Tulane purchased an additional Ironport system.

Page 7: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption

1. Email Encryption to the outside world

2. Email Encryption within Tulane

Page 8: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world using

Ironport

Page 9: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world • Type the word Secure: at the subject line• It can be lowercase, uppercase or mixcase• It can be anywhere in the subject line

– Secure:– secure:– SECURE:– The Colon “:” is important.

Page 10: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world • Type the word Secure: at the subject line

Page 11: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world • For Microsoft Outlook, you can also set the message

sensitivity to Confidential

Page 12: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world Your client or patient will see a similar screen with an attachment named securedoc.html

Page 13: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world He/she needs to open the securedoc.html

Page 14: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world This screen will show if he/she is not a registered user

Page 15: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world He/she needs to register to read your encrypted email

Page 16: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world After registration he/she will receive a confirmation email

Page 17: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world From now on he/she can open encrypted email from you

Page 18: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption to the outside world The system will tell you when your email is read

Page 19: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption within Tulane

Page 20: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption within TulaneFor Outlook Client 2007

Page 21: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption within Tulane

Page 22: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption within TulaneFor Outlook Client 2003

Page 23: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption within TulaneFor Outlook Client 2003

Page 24: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption within TulaneFor Outlook Client 2003

Page 25: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption within TulaneOWA always encrypts using SSL

Page 26: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption within TulaneBy default, email within Tulane for other clients such as Mac Mail,

Entourage or iPhone are encrypted with SSL.

Page 27: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption

1. Email Encryption to the outside worldType Secure: at the subject

line2. Email Encryption within

Tulane

Page 28: HIPAA Email Encryption - Information Security - Tulane University

Resources …

HIPAA Compliance:• Web site http://tulane.edu/compliance• Privacy Official Glenda Folse 504-988-7739• Security Official Leo Tran 504-988-8514

Technology Services Help Desk:• On campus - Uptown: 8888 Downtown: 8-8888• Off-Campus - 1-866-276-1428

Email Encryption:• http://tulane.edu/compliance/training/trainingeducation.cfm

http://tulane.edu/compliance
http://tulane.edu/compliance/training/trainingeducation.cfm
Page 29: HIPAA Email Encryption - Information Security - Tulane University

Email Encryption Resources…Configuring Microsoft Entourage 2008 (Mac)• http://d2.parature.com/ics/support/KBAnswer.asp?deptID=425

8&questionID=2135

Configuring Microsoft Entourage 2004 (Mac)• http://d2.parature.com/ics/support/default.asp?deptID=4258&t

ask=knowledge&questionID=1979

http://d2.parature.com/ics/support/KBAnswer.asp?deptID=4258&questionID=2135
http://d2.parature.com/ics/support/KBAnswer.asp?deptID=4258&questionID=2135
http://d2.parature.com/ics/support/default.asp?deptID=4258&task=knowledge&questionID=1979
http://d2.parature.com/ics/support/default.asp?deptID=4258&task=knowledge&questionID=1979

Recommended
Tulane Hullabaloo 8.27.15

Tulane Hullabaloo 8.27.15

Documents

2015-16 Tulane Women s Basketball Tulane University Women’s Basketball Game Notes // 2 TULANE GREEN WAVE WOMEN’S BASKETBALL NOTES STATE OF TULANE WOMEN’S BASKETBALL

2015-16 Tulane Women s Basketball Tulane University Women’s Basketball Game Notes // 2 TULANE GREEN WAVE WOMEN’S BASKETBALL NOTES STATE OF TULANE WOMEN’S BASKETBALL

Documents

Protecting PHI with encryption for HIPAA compliance

Protecting PHI with encryption for HIPAA compliance

Technology

Tulane Open Classroom

Tulane Open Classroom

Documents

Tulane talkmay2013 final_pdf

Tulane talkmay2013 final_pdf

Documents

Plaintiff - Tulane

Plaintiff - Tulane

Documents

HIPAA Transaction Standard Companion Guide · Encryption Methods • Secure Shell -SSH (preferred for automation) • Secure Socket Layer - SSL Supported Protocols SFTP (Secure File

HIPAA Transaction Standard Companion Guide · Encryption Methods • Secure Shell -SSH (preferred for automation) • Secure Socket Layer - SSL Supported Protocols SFTP (Secure File

Documents

2011 SECURITY REFRESHER Information Security. Agenda HIPAA Update Encryption Overview Mobile Phones and Tablets Cameras USB Drives E-mailing Patient Information.

2011 SECURITY REFRESHER Information Security. Agenda HIPAA Update Encryption Overview Mobile Phones and Tablets Cameras USB Drives E-mailing Patient Information.

Documents

Tulane City Center

Tulane City Center

Documents

Tulane University

Tulane University

Documents

Tulane Empowers

Tulane Empowers

Documents

THE - Tulane University

THE - Tulane University

Documents

ENCRYPTION - HIPAA COWhipaacow.org/wp-content/uploads/2013/03…  · Web view · 2017-06-20This method also has the advantage of being able to ... By applying encryption to the

ENCRYPTION - HIPAA COWhipaacow.org/wp-content/uploads/2013/03…  · Web view · 2017-06-20This method also has the advantage of being able to ... By applying encryption to the

Documents

T.H.R.C.E. - Tulane University

T.H.R.C.E. - Tulane University

Documents

HIPAA Tool Kit - Optum360HIPAA Tool Kit Contents–6 © 201 OptumInsight, Inc. SP-50 Encryption ..... 2-92

HIPAA Tool Kit - Optum360HIPAA Tool Kit Contents–6 © 201 OptumInsight, Inc. SP-50 Encryption ..... 2-92

Documents

ARTICLE 4 SMALL GROUP HEALTH PLAN HIPAA SECURITY COMPLIANCE · SMALL GROUP HEALTH PLAN HIPAA SECURITY COMPLIANCE E-MAIL AND ENCRYPTION E-mail is a powerful communication tool. It

ARTICLE 4 SMALL GROUP HEALTH PLAN HIPAA SECURITY COMPLIANCE · SMALL GROUP HEALTH PLAN HIPAA SECURITY COMPLIANCE E-MAIL AND ENCRYPTION E-mail is a powerful communication tool. It

Documents

WITH - Tulane University

WITH - Tulane University

Documents

U.S. $39.95 HIPAA Demystified - Carosh Compliance Solutions · • Common questions about HIPAA regulations and mobile devices • Encryption requirements under the security regulations

U.S. $39.95 HIPAA Demystified - Carosh Compliance Solutions · • Common questions about HIPAA regulations and mobile devices • Encryption requirements under the security regulations

Documents