Is your email HIPAA Compliant? What you need to know


There are many free email solutions available these days: @gmail.com, @outlook.com and @yahoo.com, amongst others. But did you know that using those email accounts for PHI (Protected Health Information) exposes you to violating HIPAA guidelines?

Breaking down the HIPAA Guidelines for email

The answer to ‘Is your email HIPAA compliant’ boils down to understanding HIPAA guidelines. HIPAA requires that all PHI be reasonably secured. These ‘reasonable safeguards’ are probably what lead to a lot of confusion about what does and does not adhere to the compliance requirements of HIPAA.

Broadly, there are two areas you need to know about that affect PHI sent over email.

  1. Encryption security – does your email service encrypt messages while they travel over the internet? In other words, if someone has hacked into a server used to route the email across the internet, can they simply view the data with no effort?
  2. Hosting security – All emails are stored on a server somewhere. This server is hosted by the company running your email service: Google, Yahoo, Microsoft, Amazon, GoDaddy, Wix, etc. Every server has many people who can access the data on it for general administration reasons. A level of security (physical, electronic and user level) is a key requirement for making sure HIPAA safeguards are met. Most importantly, and in addition: has the company hosting your email or any PHI signed a Business Associate Agreement with your practice?

But my Gmail email is secure!

Yes, many email providers do use TLS (Transport Layer Security), including Gmail. As long as the person you are emailing is also using a mail service that supports TLS, which most major mail providers do, all messages you send through email will be encrypted in this manner.

Enforcing TLS is a policy you have to set up with your email service (it is not turned on by default, even for G Suite Business users), so make sure you have it turned on to stay compliant.

However, even when both the sender's and the recipient's email services use TLS, that covers only one aspect of email security (see point 2 above).
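Whether TLS was actually used on each hop can be checked from a delivered message: every server that handles it adds a Received header, and the `with` keyword records the protocol (ESMTPS and ESMTPSA mean the hop used TLS, per RFC 3848). The following Python is an added example, not part of the original post; the sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (hostnames, addresses and IDs are made up).
SAMPLE = """\
Received: from mx.clinic.example (mx.clinic.example [203.0.113.10])
\tby mx.recipient.example with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 06 Jan 2025 10:00:03 -0600
Received: from relay.legacy.example (relay.legacy.example [198.51.100.7])
\tby mx.clinic.example with ESMTP id def456;
\tMon, 06 Jan 2025 10:00:02 -0600
Received: from frontdesk-pc (unknown [192.0.2.55])
\tby relay.legacy.example with ESMTPSA id ghi789;
\tMon, 06 Jan 2025 10:00:01 -0600
From: frontdesk@clinic.example
To: patient@recipient.example
Subject: Appointment reminder

Body omitted.
"""

# RFC 3848 "with" keywords that mean STARTTLS was negotiated on the hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def audit_hops(raw):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Servers prepend Received headers, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        # Some servers also note the negotiated TLS version in a comment.
        tls = name in TLS_PROTOCOLS or bool(re.search(r"version=TLS", flat, re.I))
        hops.append({"by": by.group(1) if by else "?", "protocol": name, "tls": tls})
    return hops

def cleartext_hops(raw):
    """Names of receiving servers that accepted the message without TLS."""
    return [h["by"] for h in audit_hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
    print("Hops without TLS:", cleartext_hops(SAMPLE))
```

Only the Received headers added by servers you trust are reliable evidence, since earlier hops can write anything into the headers they pass along. A clean result covers transit only and says nothing about how the message is stored (point 2 above).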

To conclude – Is your email HIPAA compliant? The answer could be Yes or No, depending on how it is set up.

 

Are you using eForms on your website?

eForms are a great feature to add to your practice. Patients can fill out the forms conveniently from home prior to their appointment. They make better information available to your practice, save time for patients and are an all-round convenient feature that many patients have come to expect from their clinic of choice.

Just like emails, if your hosting company is not offering HIPAA-compliant hosting and you do not have a BAA with them, you are exposing yourself to a huge HIPAA violation risk.

We can Help!

Practice Tech Solution offers services for hosting your website in a HIPAA-compliant environment with BAAs signed to ease the anxiety of meeting compliance. Our fillable forms solution is HIPAA compliant and offers a cost-effective way to implement convenient features for your practice without the risk.

 

We can Help!

We can build a secure email solution for as low as $6/user per month using an email provider of your choice. Or if you just need a free consult, we are always happy to help! Speak to us at 224-900-1110 for more details.