The Office for Civil Rights - the branch of the U.S. E2EE simply refers to any service that encrypts both messages in transit and stored messages.
Given how much effort has to go into finding and validating a suitable encryption alternative, it really is easier for your organization to simply look for an email service that offers end-to-end encryption (E2EE) as standard. In order to determine whether an alternative is acceptable, a covered entity must conduct a risk assessment and carefully document their process. Instead, “addressable safeguard” means that covered entities can use encryption to safeguard PHI, or an alternative that provides the same or a greater level of protection as encryption. This vague descriptor has led some covered entities to believe that HIPAA’s encryption requirements are optional, which couldn’t be further from the case.
HIPAA’s policy regarding encryption has caused a great deal of confusion over the years because the regulation states that encryption is an “addressable safeguard.” Perhaps the most important feature to look for in a HIPAA compliant email service is encryption.
0 kommentar(er)
