Email Protection Systems

October is Cybersecurity Month, making it an excellent time to look at what you’re doing to protect the data in your care. To guide you in this process, the Department of Health and Human Services (HHS) recommends ten practices that anyone handling ePHI needs to implement. The first recommended practice is email protection systems.

What Are Email Protection Systems?

Email protection systems are integral to keeping email communication secure. The HIPAA Security Rule requires safeguards to be in place before email can be used to transmit electronic protected health information (ePHI). 

For email to be HIPAA compliant, it must have:

  • Integrity controls: measures that protect data from alteration or destruction. End-to-end data encryption protects information from unauthorized changes.
  • Access controls: measures that restrict access to data. Access controls allow administrators to grant permission to view ePHI. Restricting access to ePHI ensures that there is no unauthorized access.
  • Audit controls: measures used to track and record who accessed ePHI and when it was accessed. Audit controls are crucial to detecting unauthorized access to data quickly.
  • Transmission security: monitoring how ePHI is communicated by tracking who sends or receives ePHI. It also involves ensuring the integrity of PHI at rest, which means safeguarding ePHI stored on your network through encryption or a firewall.
  • ID authentication: a means to identify the person(s) accessing PHI. This is accomplished with personalized login credentials.
