HIPAA, yet again

  1. I have a small one person nurse consulting business. I write and email and store and fax/receive confidential patient information. Does anybody have any suggestions for HIPPA compliance? The companies I have spoken with so far are all geared to bigger needs- and running upwards of $400/ month.Thanks for your ideas!
    Last edit by sirI on Aug 13, '12 : Reason: re-formatted post
  2. Visit Larrythenurse profile page

    About Larrythenurse, ADN

    Joined: Nov '03; Posts: 20; Likes: 15
    Nurse Consultant
    Specialty: 24 year(s) of experience in DD, Community nursing


  3. by   preoprn
    Larrythenurse, I have the same small one person consulting business also. I make sure that everything I email or fax has a confidential cover sheet, which is all that was required at the hospital I worked at. My computer has a password and it also has an encryption program on it so if my computer is stolen and taken apart, the files that I store cannot be read.

  4. by   Larrythenurse
    Thanks for the reply. That is what i have been doing to, however I am concened that a google or yahoo mail even with such a note may not be considered protected enough.
  5. by   CraigB-RN
    One of the options is to host your own email server. Which can be a royal pain. The legal group I consult for hosts there own,so they have full control. It uses public domain software and includes public key encryption as well as other levels of security. They aren't so worried about HIPAA but other things. Once it's in their possession it isn't a HIPAA issue for them. (Still for the covered entity that sent it in the first place)

    Before I spent any money though, I'd look a little deeper into HIPAA and see what YOUR responsibilities are. Look and see how you fall into the definition of a covered entity and that may help you decide on how much to spend.

    Your right Google and Yahoo aren't secure unless you encrypt.
  6. by   deann52
    You are right to worry about gmail or any other public email. Everything you do is "owned" by them essentially, nothing is considered truly private there. I would look into getting your own email service
  7. by   nurseprnRN
    I use YouSendIt or Dropbox for confidential files or any that are too large to email anyway. You can password-protect them, get confirmation of delivery and opening. As Craig-BRN says above, you may not fall under the HIPAA regs anyway, but there may be other confidentiality aspects of your work that require some level of care. Ask your attorney, or if you are working for an attorney firm, ask them. Worse comes to worse, FedEx and UPS are your friends.