THE HIDDEN DANGERS OF EMAIL


Electronic Mail (Email) has become the most widely used messaging system in the world. Many of us have become highly dependent on email, whether it is for business or personal use.

Ask yourself the following questions and be honest with yourself in your answers:
  • How would you feel if you lost all your email from your email box?

  • How would you feel if your office email was down for 2-3 days?

  • Would you rather email someone than write them a letter?


If your answers and feelings are the same as mine and most of my colleagues, then email is an important part of your business and your life. Used correctly, email can be a very valuable method of communication. Used incorrectly, email can be an enormous security risk, exposing you and your data to a litany of possible threats.

There are some simple truths and hidden dangers that we need to understand about email before we decide when, where and how to use it. This is of particular importance in the healthcare industry where protection of patient data is so important.

Simple truths about email
Email was never meant, nor was it originally designed, for the purposes for which we now use it. It was designed in the infancy of the Internet as a trivial messaging system for "around the cooler" type messages that were sent within local area networks. However, its ease of use and success in those early days led to its being used by an increasing number of organizations and individuals. Messages started to be sent all over the country and eventually all over the world.

One of the main protocols (rules governing communication) email uses to send messages is called "Simple Mail Transfer Protocol" (SMTP). The important word to note here is "Simple". Email is sent using a simple non-guaranteed delivery system. The system does not guarantee that the email will be delivered at all, let alone to the correct recipient. How often have you seen an email in your in-box that was obviously not intended for you?

Email is equivalent to a postcard in the traditional mailing system. Everyone who touches the postcard can read it. Would you write your personal information or the personal information of your patients on a postcard and mail it?
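The postcard comparison can be checked on any received message, because each mail server that handles it adds a "Received" header naming the protocol it used. The following is an added example, not part of the original article: it parses a constructed message (all host names and addresses are made up) and flags the hops that accepted it without TLS, using the protocol keywords registered in RFC 3848.

```python
import re
from email import message_from_string

# Constructed sample message (hosts and addresses are made up for this example).
SAMPLE = """\
Received: from mx.clinic.example (mx.clinic.example [192.0.2.10])
\tby inbound.patientmail.example with ESMTP id abc123
\tfor <patient@patientmail.example>; Tue, 02 Jan 2024 10:00:03 -0700
Received: from mail.clinic.example (mail.clinic.example [192.0.2.5])
\tby mx.clinic.example with ESMTPS id def456;
\tTue, 02 Jan 2024 10:00:02 -0700
Received: from frontdesk-pc (unknown [10.0.0.23])
\tby mail.clinic.example with ESMTPSA id ghi789;
\tTue, 02 Jan 2024 10:00:01 -0700
From: frontdesk@clinic.example
To: patient@patientmail.example
Subject: Your lab results

(body omitted)
"""

# RFC 3848 "with" keywords that indicate the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Captures the receiving host ("by ...") and the protocol ("with ...").
HOP_RE = re.compile(r"\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def trace_hops(raw_message):
    """Return [(receiving_host, protocol, used_tls)] in delivery order."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to get sender -> recipient.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if m:
            proto = m.group(2).upper()
            hops.append((m.group(1), proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    """Hosts that accepted the message over an unencrypted connection."""
    return [host for host, _, tls in trace_hops(raw_message) if not tls]

if __name__ == "__main__":
    for host, proto, tls in trace_hops(SAMPLE):
        print(f"{host:32} {proto:8} {'TLS' if tls else 'CLEARTEXT'}")
```

A hop marked TLS was protected only while in transit between two servers; every server listed still held a readable copy of the message. Received headers are written by the servers themselves, so treat entries added outside your own organization as unverified.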

Hidden dangers of email
  • Email may go to unintended recipients because of the non-guaranteed delivery system

  • Email may be forwarded to anyone without your permission or knowledge

  • It is easy to misaddress an email so that it gets sent to the wrong person

  • Email can be easily edited, altered or falsified and changes can be very difficult to prove

  • Backup copies of emails may exist in many places - such as on your organization's server, on the recipient's computer or on the Internet Service Provider's server

  • People tend to use email boxes as filing cabinets to store and save all kinds of email and attachments

  • People put things in emails that they would not put in a formal document

  • Email is discoverable in litigation

  • Email is the most common way of spreading viruses and other malware


Despite these dangers, it is not unusual for patients and their healthcare providers to communicate by email, and in some cases, electronic protected health information (EPHI) may be sent.

Under the Health Insurance Portability and Accountability Act (HIPAA), using email to send EPHI or correspond with patients is not expressly prohibited. The HIPAA standards of access control, integrity and transmission security require covered healthcare entities that choose to send EPHI by email to address how they will protect this information.

There are several ways to secure information sent by email.
  • Send information in a password-protected attachment to the email. This is not the most secure method but is better than no security at all.

  • Encrypt email that contains EPHI. Easy-to-use software encryption programs are available commercially. In most cases, as long as the recipient of the email has the decryption password, they are able to decrypt the email and do not need to have the same software installed on their computers.

  • Use web-based email services. In this case a web-based third party is responsible for handling all the security, encryption, and decryption of sensitive email. The email resides on their servers, not on your organization's servers. A set monthly fee is paid for each secure email box you require. Many of these services are HIPAA compliant.

  • Implement email gateways. Email gateways usually come in the form of a hardware device that sits between the sending organization's email server and the Internet. The email gateway device encrypts and decrypts all of the email being sent out of the organization.


If you have any questions or would like to know more about the hidden dangers of email or email security, please contact Tina MacGregor at REDW Technologies LLC at 505-998-3259.