To Encrypt or Not? That is the Question…


Shauna Baughcum, MSHA, CHC, CHPC, CPC

Assistant Director, Corporate Compliance, UMC Health System

The HIPAA Security Rule states you need to encrypt transmitted data that is sent over an open network. An open network means the wild world of the Internet. If you are sending Protected Health Information (PHI) or any sensitive data within a closed network, such as to coworkers, the PHI does not need to be encrypted as long as you have assurances the PHI is not being sent over an open network. For example, if you send an email containing PHI through, you don’t need to encrypt the email. On the other hand, if you send that same email through a method that is transmitted OUTSIDE, such as the free version of Gmail, it must be encrypted even if it is being sent to someone else who is part of your organization. Before sending any emails to individuals or to a group, double-check to make sure all the email addresses are within the network. If there is just one outside the, you need to encrypt. All you need to do to encrypt is type SECURE in the subject line of the email.