Stop PHI Leaks: A Guide to the Importance of Email Encryption and HIPAA

Date of Publication: November 2009

If you’re not protecting your patients’ personal health information (PHI), be prepared to pay the price.
The revamped Health Insurance Portability and Accountability Act (HIPAA) comes down hard on healthcare organizations and their business partners if they don’t rigorously protect PHI.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA), calls for the encryption of all PHI sent via email.
The most popular way to exchange information is email. It’s well understood and it’s ubiquitous. However, its inherently insecure nature, combined with its high volume, makes it particularly susceptible to HIPAA-related exposures, especially as it’s frequently used to send sensitive data containing PHI.
The healthcare industry and its business partners face significant challenges to meet the compliance requirements of the revised HIPAA. This legislation imposes new security rules that provide substantial authority for enhanced enforcement. Breaking the rules will cost you. Under the new legislation, organizations will be fined up to $1.5 million—up from $25,000—for violating patients’ privacy. It also extends the effective reach of HIPAA coverage to business associates. Companies must re-evaluate their overall privacy compliance programs and implement more effective information security practices, including encryption wherever possible.
ZixCorp recognizes that many healthcare organizations are just beginning to implement effective methods to ensure private information is transmitted securely. Each day healthcare organizations unknowingly expose themselves to significant risks posed by emailing unprotected data—even with privacy policies in place.
ZixCorp uses the industry’s leading comprehensive healthcare content filters to help identify an organization’s PHI exposure while ensuring their emails are secured. This guide illustrates what emailed PHI looks like and explains how ZixCorp’s content filters, based on strong HIPAA-related lexicons, are part of an effective and thorough secure email protection program.