Skip to Main Content

Office of Mental Health

Frequently Asked Questions:
Security Rule

Q: How does OMH HIPAA apply to e-mail and internet communications? (January 2004)

A: E-mail within the OMH intranet is Secure and can contain PHI providing no patient details are in the e-mail subject line. E-mail over the Internet is not secure and cannot be sent unless the transmission is protected by an encryption package approved by the CIT ISO.

Q: Who is a covered entity under the Security regulations? (March 2002)

A: Under the Security regulations, you are a covered entity if you are (1) a health plan, a health care clearinghouse, or a health care provider, and (2) you electronically store, maintain, or transmit health information.