
Three Types of Businesses That Must Be USPS HIPAA-Compliant

  • Jul 25, 2023

When most people think of HIPAA, they envision doctors’ offices and hospitals. However, the regulations extend to a wide range of other businesses as well. While most people know that they must use a HIPAA-compliant mail service to send any documents with PHI, many do not realize that HIPAA applies to other aspects of their business as well.



In this article, we will look at three important ways in which a business must be USPS HIPAA-compliant:


Emailing PHI: Under certain circumstances, it is acceptable to send PHI via email. However, email must be encrypted to protect the data, and there must be a BAA in place with the email provider. Additionally, the recipient must be verified to ensure that it is an authorized individual. It is also a good idea to only use first class mail for any emails containing PHI and to send certified mail whenever possible to prevent any unauthorized individuals from accessing the information.


Faxing PHI: Likewise, faxing is an easy way to share PHI quickly and efficiently. However, fax machines must be kept in locked areas and the faxes should only be stored in the memory of the machine for a short amount of time to limit exposure. Additionally, a fax must be sent to an authorized individual and should not be automatically printed.


Shredding companies: When a Covered Entity hires a shredding company to destroy documents with PHI, it must sign a BAA with that company. This is because the shredding company is considered a Business Associate and must follow HIPAA guidelines. This also applies to delivery services such as UPS and USPS. However, if the Covered Entity expects the delivery service to have no access to the information and the likelihood of such access is low, then a BAA is not required.



© 2035 by Train of Thoughts. Powered and secured by Wix
