FROM: Karen Thomas - VP/CIO Information Services; Andrew Curtin, M.D. - Chairman, MLH Medical Executive Committee
RE: Patient Information and ZixMail
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandated important restrictions to access your patient’s medical information. One of these is the electronic transmission of patient information. When using e-mail to transmit Protected Health Information (PHI), physician offices as well as healthcare organizations must provide safe and secure encryption of that information across the Internet.
Any Protected Health Information being sent OUT of the MLH Intranet to a recipient with a non-MLHS.ORG address will be automatically encrypted by a product called ZixMail. ZixCorp is an independent company providing security solutions for e-mail. The company has been instrumental in maintaining a not-for-profit organization called “Healthy E-mail.org” that promotes physician use of encryption for sensitive PHI. Healthy E-mail.org and ZixCorp have combined to provide (free of charge for two years) the software to automatically review an encrypted e-mail on your office or home computer.
By providing the software free for two years, ZixCorp is clearly positioning themselves to dominate this burgeoning market. They have not clearly stated the eventual subscription costs but indicate it will be “reasonable”. Nonetheless, even if you do not wish to download the free program to your computer, you and your patients will always be able to view the contents of a ZixMail encrypted e-mail with just one more step. The ZixMail encrypted e-mail will direct you to a secure website to retrieve the sensitive information upon signing in to the site. However, we recommend trying the ZixMail client for free; it is in use by many healthcare and financial institutions already, including some third party insurers for transmitting billing information.
The ZixCorp's Secure E-Messaging Solution in use at MLH automatically probes any e-mail for combinations of words such as patient names, diseases, account numbers that indicate Protected Health Information content. Again, this will only occur for OUTBOUND email communications from Main Line Health to your non-Main Line Health email addresses. Practically speaking, the number of times such an encryption will occur will likely be uncommon but the process must be in place.
The secure e-messaging solution is scheduled to be implemented on Monday, November 14, 2005.
For more information, call 1.866.CALL.MLH.