Hushmail HIPAA Compliant

Hushmail is a popular email platform used by healthcare providers. But is Hushmail HIPAA compliant? The answer is discussed below.

Is Hushmail HIPAA Compliant: Security Features

For software to be considered HIPAA compliant, certain security features must be in place. These features must ensure the confidentiality, integrity, and availability of protected health information (PHI).

Hushmail for Healthcare offers the following security measures:

Encryption. Hushmail offers encryption services, which automatically encrypt emails that are sent between two Hushmail users. Encryption is also available for emails sent to recipients using other email services, but must be manually enabled by clicking a checkbox. Although Hushmail enables encryption, PHI should never be contained in an email subject line, as email subject lines cannot be encrypted.

Two-step Verification. When signing into a Hushmail account from an unrecognized device, users must enter a verification code in addition to their username and passphrase. The verification code is sent to the user's phone, or an alternate email account, for increased security.

Access Management. Hushmail allows for users to be managed through their administration panel. Through the panel, administrators can set up, delete, and configure user accounts (only available to users that use their own domain).

Email Archiving. Hushmail keeps records of emails sent and received by all users. This provides essential documentation in the case of a HIPAA audit.

Is Hushmail HIPAA Compliant: Business Associate Agreements

Even when a software platform has all of the security features required to be HIPAA compliant, the service cannot be considered HIPAA compliant if its provider is unwilling or unable to sign a business associate agreement (BAA). This is because, under HIPAA, software providers that have the potential to access PHI are considered business associates. The good news is that Hushmail is willing to sign a business associate agreement, so its service can be used in a HIPAA compliant manner.

Is Hushmail HIPAA Compliant?

So, is Hushmail HIPAA compliant? Yes, provided it is used properly. Users must ensure that the encryption box is checked on all messages sent to recipients using other email services. Hushmail users must also have a signed business associate agreement before they use the service in conjunction with PHI.
