If you are a healthcare organization working with protected health information (PHI), you need to make sure all communication, storage, and transmission of PHI is HIPAA compliant, and this includes email communications. HIPAA compliant email is essential to securing patients’ sensitive information.

But what is HIPAA compliance, and what are the HIPAA email rules and steps for email to become HIPAA compliant?


What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. The act was established by the U.S. Department of Health & Human Services to set a standard to protect a patient’s healthcare information from public access.

The security of this sensitive information is crucial due to the nature of the information involved. Your healthcare provider has access to private information such as your medical history, your family’s medical history, your financial information (such as your credit card or bank account details), and your Social Security number.

Mandatory HIPAA compliance works to prevent this information from falling into malicious hands.


How do I know if I’m HIPAA compliant?

To be HIPAA compliant, you must abide by the Privacy Rule and the Security Rule.

The Privacy Rule “requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.”

The Security Rule “requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.”

Any personnel handling protected health information (PHI) must comply with these rules. These individuals fall into two categories: covered entities and business associates.

A covered entity provides treatment, payment, or operations in healthcare. A business associate has access to patient information and provides support for treatment, payment, or operations.

What is HIPAA compliant email?

There are many methods to create, transmit, and store PHI. The best, most secure way to communicate this information is in person, with the specific patient. This ensures the information is being communicated to the intended recipient.

However, solely communicating with a patient in person is unrealistic for both the physician and the patient. As a result, many healthcare organizations turn to the top communication tool of 2017: email.

Over 205 billion emails are sent every day, and a good amount of that number must be HIPAA compliant.

So how do you make your email HIPAA compliant and what are HIPAA email rules?

At its essence, HIPAA compliant email ensures that an email containing PHI is delivered securely to the recipient’s inbox. However, most regular consumer and business email providers such as Yahoo! or Gmail aren’t set up to be HIPAA compliant without specific configuration, and even when configured, most popular email providers do not provide sufficient security to meet HIPAA standards or HIPAA email rules.

Unless you have a stellar IT employee who is an expert in information systems, odds are you will need to consult a third-party HIPAA compliant email provider.

To begin your search, you can consult with your healthcare attorney. Or, you can simply type the phrase “hipaa compliant email” into Google.

Finding the best HIPAA compliant email provider

There are many HIPAA compliant email providers to choose from, but how do you know which one to choose?

Use this HIPAA email compliance list to narrow your search:

  1. They are willing to sign a business associate agreement.
  2. They have an attentive customer service team for all your questions and concerns.
  3. They encrypt every email, even non-PHI emails (better to be safe than sorry), without the hassle of buttons or portals.
  4. The encryption service seamlessly integrates with any device, any browser, and any email provider.

If your preferred HIPAA compliant email provider meets every HIPAA email encryption requirement on this list, they are likely the best one to choose.

About Paubox

Paubox is the easiest way to send and receive HIPAA compliant emails. No plugins, no passwords, no extra steps. Just secure HIPAA-compliant email for senders and recipients. Paubox is based in San Francisco, CA.

Written by Hoala Greevy, Founder CEO of Paubox
