Frequently Asked Questions:
Q: How does OMH HIPAA apply to e-mail and internet communications? (January 2004)
A: E-mail within the OMH intranet is Secure and can contain PHI providing no patient details are in the e-mail subject line. E-mail over the Internet is not secure and cannot be sent unless the transmission is protected by an encryption package approved by the CIT ISO.
Q: Who is a covered entity under the Security regulations? (March 2002)
A: Under the Security regulations, you are a covered entity if you are (1) a health plan, a health care clearinghouse, or a health care provider, and (2) you electronically store, maintain, or transmit health information.
Comments or questions about the information on this page can be directed to the Office of the Counsel.