For healthcare organizations, adopting HIPAA compliant email technology not only simplifies compliance but can streamline the tasks involved in protecting patient data from security threats as well as malicious and inadvertent data leaks.
HIPAA, or the Health Insurance Portability and Accountability Act, provides a set of standards for organizations as well as vendors and partners that may need to access protected health information (PHI) and personally identifiable information (PII) during the process of delivering care. Because email is so ubiquitous in healthcare communications and because it is constantly under attack from malicious individuals seeking to steal lucrative patient data, HIPAA security rules stipulate that organizations must take steps for protecting PII and PHI in email.
A HIPAA compliant email system must control access to email data through proper authentication, protect the security of email during transmission, ensure that email data is not improperly altered or destroyed, and maintain audit controls that record the access and use of data in email.
When seeking to quickly and easily implement HIPAA compliant email technology, more healthcare organizations turn to solutions from Mimecast.
Mimecast provides a cloud-based subscription service that delivers HIPAA compliant email solutions for security, archiving and continuity. As a SaaS-based service, Mimecast can be implemented quickly and cost-effectively throughout an organization, with no hardware or software to purchase, install or maintain.
Mimecast provides HIPAA compliant email technology with services that include:
With HIPAA compliant email technology from Mimecast, you can:
What is HIPAA compliant email?
HIPAA compliant email refers to email messages that are sent in compliance with regulations in the Health Insurance Portability and Accountability Act (HIPAA) that govern the use of email for communicating protected health information, or PHI. HIPAA regulations require that email containing PHI be protected as it is transmitted electronically to recipients and that organizations have policies and procedures in place to restrict access to, protect the integrity of and guard against unauthorized access to PHI in email. In addition to protecting email in transit, HIPAA regulations require 100% message accountability through access, integrity and audit controls.
How to make email HIPAA compliant?
While there is no single formula for creating a HIPAA compliant email, there are a number of steps that organizations can take to ensure compliance with HIPAA regulations.
What is a violation of HIPAA compliant email regulations?
Actions that may violate regulations concerning HIPAA compliant email and protected health information (PHI) include:
Is Gmail a HIPAA compliant email service?
The Gmail platform does not automatically enable HIPAA compliant email. To achieve HIPAA compliance with Gmail, organizations need to use a third-party encryption provider and to send email through Google’s G Suite, which enables Google to sign the Business Associate Agreement required by HIPAA regulations.
Is Outlook a HIPAA compliant email service?
Email accounts managed through Outlook.com are not HIPAA compliant. Outlook that is included with Office 365 may be compliant when properly configured. Outlook installed on a laptop or desktop can also be HIPAA compliant, provided that the computer on which the software is installed and the user’s email provider are capable of managing HIPAA compliant email.