Topics: -How is the role of messaging evolving within the healthcare community? - What best practices should healthcare providers take to comply with regulations and plan for the future.

1. HIPAA and E-Mail: Protecting PHI Maurene Caplan Grey Founder, Principal Analyst

4. Healthcare Industry Evolution Targeted treatments Focus on wellness Customer is the consumer Mass market treatment Focus on illness Customer is the doctor

5. Increasing Self-Management via E-Mail Physicians, Pharmacists, Peers… Source: Health Data Management Magazine, “Quick Poll,” 9 Sept 2005 Physician resistance to communicating with patients via e-mail is decreasing. I wonder if I have diabetes? What more can I find out? What are other people doing to control it? Patient = Consumer Is this serious? Do I need a checkup? 32.43 24 Disagree 67.7 50 Agree Percentage Respondents

6. Using an Online Consultation System for Self-Management

7. PHI within the Healthcare Community Patient’s PHI stored as record by the hospital. PHI sent to lab Insurance company stores patient record Lab report sent to doctor Hospital MD gathers PHI from patient Invoice sent to patient’s healthcare insurance

8. The New Healthcare Community Suppliers Providers Payers Employers Government Consumers Physicians Life Sciences

10. Why Security and Privacy Policies Fail Rulings are ambiguous and untested Poor or no business processes Social engineering Wrong technology Right technology, poorly implemented No auditing Lack of user training Poor or no governance Rulings change Fraud “ Lost” PHI Local hard drives, cache, memory sticks, PDAs, smart phones, server storage, application data stores…

11. Approach 1: Gateway 1) File uploads to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to the gateway and downloads file Often used for ad hoc relationships

12. Approach 2: End-to-End, Gateway 1) File sent to gateway 2) E-mail sent to recipient with URL that points to file 3) Recipient clicks on URL, authenticates to gateway and downloads file Often used for ad hoc relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME …

13. Approach 3: Gateway-to-Gateway Sender Recipient Sender’s gateway to recipient’s gateway Recipient Sender Often used for trusted relationships

14. Approach 4: End-to-End, Gateway-to-Gateway Sender’s gateway to recipient’s gateway Often used for trusted relationships, where extra security is required Commercial PGP, OpenPGP, S/MIME … Commercial PGP, OpenPGP, S/MIME … Sender Recipient Recipient Sender

18. For further information on this topic, contact Grey Consulting [email_address] 845.531.5050 www.grey-consulting.com making messaging and collaboration work