A: E-mail within the OMH intranet is Secure and can contain PHI providing no patient details are in the e-mail subject line. E-mail over the Internet is not secure and cannot be sent unless the transmission is protected by an encryption package approved by the CIT ISO.

Q: Who is a covered entity under the Security regulations? (March 2002)

A: Under the Security regulations, you are a covered entity if you are (1) a health plan, a health care clearinghouse, or a health care provider, and (2) you electronically store, maintain, or transmit health information.

Comments or questions about the information on this page can be directed to the Office of the Counsel.

Last Modified: 11/15/2012

Security statement: Users shall not interrupt or disrupt the operation of this site nor restrict or inhibit any user's ability to access the site. Unauthorized attempts to upload information to the site or change information on the site or to interrupt or disrupt operation of the site are strictly prohibited and may subject the perpetrator to both civil and criminal penalties under Federal and/or State law.

Frequently Asked Questions: Security Rule

Frequently Asked Questions:
Security Rule