DEPARTMENT OF INSURANCE
July 3, 2007
Bulletin 154
Security for Electronic Transmission of Protected Health Information
The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) created by the Office of Civil Rights to implement the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) established a set of national standards for the protection of certain "protected health information" (PHI). 45 CFR 160.103. Many of the organizations subject to the Privacy Rule, "covered entities", are also regulated by the Indiana Department of Insurance (IDOI). While the IDOI recognizes the substantial efforts the health insurance industry has made to comply with the purpose of the Privacy Rule and to define and limit the circumstances in which an individual's health information may be used or disclosed, unfortunately there are still a significant number of members of the health insurance industry that do not adequately protect PHI transmissions. Due to the unparalleled increase in the receipt and transfer of health information electronically, the IDOI strongly recommends that health insurers implement secured e-mail technology for all PHI transmissions, including e-mail exchanges to and from any insured citizen of Indiana.
Indiana Department of Insurance
________________________________
James Atterholt, Commissioner
Posted: 04/30/2008 by Legislative Services Agency
DIN: 20080430-IR-760080303NRA
Composed: Apr 27,2024 10:10:13AM EDT
A
PDF version of this document.
