Mailgun Email Security
As mentioned above, business associates must have security measures in place to protect PHI. Mailgun email software utilizes encryption so that users can securely send emails. They also enable detailed audit logs to track email access.
Emails and Patient Consent
Before you can communicate with a patient via email, you must receive written patient authorization. In addition, to send patients marketing emails, you must receive explicit consent to send this type of email. To be HIPAA compliant, you must also provide means for patients to opt out of marketing emails should they no longer wish to receive them. Lastly, marketing emails should never contain PHI unless the patient gives consent for their information to be shared in this manner.
Is Mailgun HIPAA Compliant?
Is Mailgun HIPAA compliant? Yes, provided that you have a signed BAA, and the service is used in compliance with HIPAA standards.