Two of the most talked-about technology compliance headlines these days involve the Health Insurance Portability and Accountability Act, better known by its acronym, HIPAA.
The Dangers of Mishandled Email Servers
According to a report published in the online edition of Forbes magazine, a series of email mishaps has created a compliance situation for a Web platform that provides online counseling for patients with issues related to emotional well-being.
The platform in question is Talkspace. At this time, it is not clear whether Talkspace is a HIPAA covered entity, but the incident certainly seems like a breach of patient confidentiality that involved email systems. According to the Forbes article, a therapist who no longer works at Talkspace reached out to the Office of Civil Rights in charge of HIPAA complaints. The therapist’s concern was that the Talkspace platform did not provide sufficient safeguards to protect the confidentiality of patients, which is a HIPAA tenet.
The manner in which Talkspace reacted to the incident created further HIPAA concerns, particularly with regard to email compliance. It so happened that a Talkspace VP sent an email message to patients of the aforementioned therapist; regrettably, the sender used the standard CC: function, which revealed the names and addresses of 18 patients.
Making Sure You are HIPAA Compliant
If you are a HIPAA covered entity operating in Victorville or another High Desert community, you should be concerned about possible audits and potential regulatory fines. HIPAA states that your email system should have specific controls for access, integrity, transmission security, audits, and third-party access.