HealthCare Security - HIPAA

sanderson@prair...
Registered: Dec 1 2011
Posts: 2
Answered

I am looking for information on how to send .pdf files that have patient information called PHI (Protected Health Information) securely so as to meet HIPAA guidelines using Acrobat X Pro.
 
In the healthcare field this is a very important issue as we continuously need to send information via e-mail, although at this time we must fax.
 
Thanks

Scott R. Anderson
Prairie Spine & Pain Institute, S.C.
sanderson [at] prairiespine [dot] com

My Product Information:
Acrobat Pro 10.1, Windows

try67
Expert
Registered: Oct 30 2008
Posts: 2398
Security in PDF is problematic. You can encrypt the file so that a password would be required to open it, but there are tools that can remove that in a second. I don't know how strict the regulations you need to follow are, but you might want to consider something like DRM protection, or something like a secured website.

- AcrobatUsers Community Expert - Contact me personally at try6767 [at] gmail [dot] com
Check out my custom-made scripts website: http://try67.blogspot.com

George_Johnson
Expert
Registered: Jul 6 2008
Posts: 1875
Accepted Answer
I just want to add emphasis to and expand some points Try67 made. You can use standard password security to encrypt a PDF with sufficient strength to meet some technical requirements imposed by the regulations. Such documents can be safely transmitted electronically using email, but that's just a small part of the puzzle. The next challenge is devising a system that ensures that passwords are generated/applied/transmitted/communicated in a secure manner. For example, sending an encrypted PDF via email can be sufficiently secure, but you cannot then send the required open password by email as plain text. If an email account were compromised, the data in the encrypted files would be too. Use of the same document open password for multiple documents would also represent a significant vulnerability and would be a very bad idea. A system that uses standard security is not the best general approach for data that needs to be protected under HIPAA regulations, even though it can be in limited circumstances. The best way to protect PDFs would be with DRM, such as Adobe's LiveCycle Rights Management, perhaps along with other access controls. DRM allows a great deal of control that simply is not possible otherwise.

This is a complicated issue that requires a thorough understanding of the issues and is ultimately well beyond the scope of this forum.

sanderson@prair...
Registered: Dec 1 2011
Posts: 2
George:

I am looking into LiveCycle Rights Management now. Thanks for your input.

Scott R. Anderson
Prairie Spine & Pain Institute, S.C.
sanderson [at] prairiespine [dot] com

dvenance
Registered: Apr 20 2010
Posts: 2
As George states, HIPAA regulations are not something trivial, but I do know that Adobe's LiveCycle Rights Management solution does have several of the features required to become compliant. Documents can be encrypted and there are features in the Rights Management solution for self-registration (getting you around the issue of having to communicate a password in order to gain access to a document, as the end user manages that themselves). There is more information on Adobe's offering at: http://www.adobe.com/products/livecycle/rightsmanagement/. You can also see an in-depth solution brief on how Adobe technology is used within the healthcare industry at: http://www.4point.com/pdf/95010846_solhealthcare_sb_ue.pdf.

Dave Venance
dvenance [at] hotmail [dot] com