One of the three foundational security requirements is availability-the ability to access data when you really need it. Data accessibility is considered sound security practice and is a requirement per the HIPAA Security Rule (45 CFR 164.306[a]). If a data storage device fails, you can lose access to your patients' or health plan members' PHI. This could adversely affect patient care and service to health plan members.
Q Can a mental health and alcohol and chemical dependency treatment health center e-mail and text PHI between healthcare providers and between field caseworkers and patients? We have implemented a secure messaging solution, but it is the organization's policy to prohibit sending PHI via e-mail or text.