If you are a healthcare organization working with protected health information (PHI), you need to make sure that all communication, storage, and transmission of PHI is HIPAA compliant.
But what is HIPAA compliance, and what are the steps for email to become HIPAA compliant?
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act. The act was established by the U.S. Department of Health & Human Services to set a standard to protect a patient’s healthcare information from public access.
The security of this information is crucial because of its sensitive nature. Your healthcare provider has access to private information such as your medical history, your family’s medical history, your financial information (such as credit card or bank details), and your social security number.
HIPAA’s mandatory compliance works to prevent this information from falling into malicious hands.
How do I know if I’m HIPAA compliant?
To be HIPAA compliant, you must abide by the Privacy Rule and the Security Rule.
The Privacy Rule “requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.”
The Security Rule “requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.”
Any personnel handling protected health information must comply with these rules. Those subject to the rules are divided into two categories: Covered Entities and Business Associates.
A Covered Entity provides treatment, payment, or operations in healthcare. A Business Associate has access to patient information and supports a Covered Entity in treatment, payment, or operations.
What is HIPAA compliant email?
There are many methods to create, transmit, and store PHI. The best, most secure way to communicate this information is in-person with the specific patient. This ensures the information is being communicated to the intended recipient.
However, solely communicating with a patient in-person is unrealistic for both the physician and the patient. As a result, many healthcare organizations turn to the top communication tool of 2017: email.
Over 205 billion emails are sent every day, and a good amount of that number must be HIPAA compliant.
So how do you make your email HIPAA compliant?
At its essence, HIPAA compliant email ensures that an email containing PHI is delivered securely to the recipient’s inbox. However, most regular consumer and business email providers such as Yahoo! or Gmail aren’t set up to be HIPAA compliant without specific configuration, and even with that configuration, most popular email providers do not provide sufficient security to meet HIPAA standards.
Unless you have a stellar IT employee who is an expert in information systems, odds are you will need to consult a third-party HIPAA compliant email provider.
To begin your search, you can consult with your healthcare attorney. Or, you can simply type the phrase “hipaa compliant email” into Google.
Finding the best HIPAA compliant email provider
There are many HIPAA compliant email providers to choose from, but how do you know which one to choose?
Use this list to narrow your search:
- They are willing to sign a Business Associate Agreement.
- They have an attentive customer service team for all your questions and concerns.
- They encrypt every email, even non-PHI emails (better to be safe than sorry), without the hassle of buttons or portals.
- The encryption service seamlessly integrates with any device, any browser, and any email provider.
If your preferred HIPAA compliant email provider complies with everything on the list, they are likely the best one to choose.
Paubox is the easiest way to send and receive HIPAA compliant emails. No plugins, no passwords, no extra steps. Just secure email for senders and recipients. Paubox is based in San Francisco, CA.
Written by Hoala Greevy, Founder and CEO of Paubox