policy:data_privacy:transmitting_information
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
policy:data_privacy:transmitting_information [2019/06/07 18:08] – [University of Colorado IT Security Program Policy] tonyromero | policy:data_privacy:transmitting_information [2019/06/13 17:28] (current) – tonyromero | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Transmitting Sensitive Information Securely including Faxing and Email ====== | ====== Transmitting Sensitive Information Securely including Faxing and Email ====== | ||
- | |||
- | \\ | ||
- | a. Email and Webmail Stay Secure [[https:// | ||
===== Applicable University of Colorado Denver Policies ===== | ===== Applicable University of Colorado Denver Policies ===== | ||
Line 10: | Line 7: | ||
All data and information resources of the SEHD are subject to University of Colorado' | All data and information resources of the SEHD are subject to University of Colorado' | ||
- | > If Highly Confidential | + | > If Highly Confidential |
- | + | ||
- | > Highly Confidential information stored on portable electronic media shall be encrypted or otherwise adequately protected based on security standards and guidance from the campus Information Security Officers. | + | |
==== University of Colorado Denver HIPPA Policy ==== | ==== University of Colorado Denver HIPPA Policy ==== | ||
- | The most secure SEHD data are subject to the [[http:// | + | The most secure SEHD data are subject to the [[http:// |
Email: | Email: | ||
+ | |||
> If PHI must be transmitted via e-mail, and the e-mail recipient is part of the internal e-mail system, i.e. UCD, UCH, CHC, or UPI, the e-mail does not need to be encrypted, given that the network is private. If the e-mail must be sent across the Internet to either a patient or another entity covered by HIPAA, encryption should be applied to the e-mail message. Personal e-mail accounts (ex. AOL, yahoo) may not be used to transmit e-mail containing PHI, due to the fact that these e-mail systems are not encrypted. | > If PHI must be transmitted via e-mail, and the e-mail recipient is part of the internal e-mail system, i.e. UCD, UCH, CHC, or UPI, the e-mail does not need to be encrypted, given that the network is private. If the e-mail must be sent across the Internet to either a patient or another entity covered by HIPAA, encryption should be applied to the e-mail message. Personal e-mail accounts (ex. AOL, yahoo) may not be used to transmit e-mail containing PHI, due to the fact that these e-mail systems are not encrypted. | ||
Fax: | Fax: | ||
+ | |||
> Fax machines used for transmitting or receiving PHI must be in locations secured from the general public. Before sending out faxes, ensure that the destination phone number is correct and include appropriate cautions and disclaimers on the fax cover sheet. Faxes should always have cover sheets. | > Fax machines used for transmitting or receiving PHI must be in locations secured from the general public. Before sending out faxes, ensure that the destination phone number is correct and include appropriate cautions and disclaimers on the fax cover sheet. Faxes should always have cover sheets. | ||
Internet: | Internet: | ||
+ | |||
> Since the Internet is inherently insecure and there is a risk of data being intercepted, | > Since the Internet is inherently insecure and there is a risk of data being intercepted, | ||
+ | |||
+ | Please visit OIT's email information page to learn more [[https:// | ||
policy/data_privacy/transmitting_information.1559930882.txt.gz · Last modified: 2019/06/07 18:08 by tonyromero