HIPAA encrypted email

Enable HIPAA encrypted email with Mimecast

HIPAA encrypted email compliance requires innovative solutions.

As threats to patient information and medical records proliferate, IT teams are seeking powerful technology to comply with HIPAA encrypted email requirements.

The Health Insurance Portability and Accountability Act, or HIPAA, set out strict guidelines in 1996 for protecting patient information as it is used, stored and shared. With the rise of email as a dominant form of communication in healthcare settings, HIPAA requirements for email stipulate that protected information must be encrypted.

The challenge for IT teams is twofold: finding an easy-to-use solution for sending and receiving HIPAA encrypted email, and integrating that solution into a multilayered approach to ensuring privacy and security in healthcare. Fortunately, Mimecast provides an all-in-one service for email security that offers both HIPAA encrypted email capabilities and defenses against ransomware, spear-phishing, impersonation attacks and other healthcare industry cyber security threats.

Enable HIPAA encrypted email with Mimecast.

Mimecast's cloud-based solution allows healthcare organizations to address healthcare privacy and security with HIPAA encrypted email and industry-leading services for security, archiving and continuity. As a fully SaaS-based subscription service, Mimecast can be deployed quickly and scaled easily to meet new challenges. And to simplify management and streamline troubleshooting, Mimecast provides administrators with a single console to handle all aspects of email security and management.

Mimecast is a HIPAA-compliant solution, having passed the HIPAA Security Compliance Assessment. In addition to meeting HIPAA encryption requirements, Mimecast security services enable IT teams to deploy a multi-layered approach to email security. Targeted Threat Protection defends against advanced attacks like ransomware by identifying emails that may be impersonating a trusted sender. Mimecast blocks malicious URLs in email and weaponized email attachments that can compromise network security. Mimecast also stops purposeful and accidental data leaks by scanning outbound email and blocking, quarantining or encrypting email containing suspicious content.

Mimecast technology for HIPAA encrypted email.

To enable HIPAA encrypted email messages, Mimecast provides a healthcare Secure Messaging solution that is easy to use for healthcare providers and patients alike. To initiate a secure message, users need only click a Send Secure box in Outlook or in their preferred email client. Messages and attachments are uploaded to the Mimecast secure cloud, rather than being sent directly to recipients. After being checked for malware, messages are stored in an AES encrypted archive, and recipients are notified of the HIPAA encrypted email and how to access it by logging onto a secure portal. From the portal, recipients can read messages and view attachments, responding to the sender or composing a new message back to recipients in the organization.

HIPAA Compliance

FAQs: HIPAA compliance

What is HIPAA compliance?

HIPAA, or the Health Insurance Portability and Accountability Act, sets standards for the privacy and security of patients’ protected health information (PHI), including names, addresses, medical records and other identifiable patient information. To achieve HIPAA compliance, companies must take steps to protect PHI that they create, collect or transmit electronically or that they encounter as part of their work. Since many organizations communicate PHI through email, HIPAA compliance requires email containing PHI to be protected from unauthorized access in transit and at rest, and to have 100% message accountability through audit controls. 

Does HIPAA require encryption?

While encryption is neither specifically required for HIPAA compliance nor the only way of achieving it, most organizations feel that encryption – along with secure messaging technology – is the most effective way of protecting PHI and achieving HIPAA compliance.

Is Outlook HIPAA compliant?

It depends. Email accounts on Outlook.com are not HIPAA compliant. Outlook within Office 365 can be HIPAA compliant if Office 365 is configured properly. And Outlook that’s installed as software on a laptop or desktop can also be HIPAA compliant, as long as your email service and the computer you’re using are HIPAA compliant as well.

Is Gmail HIPAA compliant?

While Gmail itself is not HIPAA compliant, Gmail as part of G Suite can be HIPAA compliant with the addition of third-party encryption software.

How do I send a HIPAA compliant email?

Sending a HIPAA compliant email requires the use of encryption or the use of a secure message server such as a patient portal to protect PHI within the email while in transit. HIPAA compliant email also requires the use of access controls that ensure only the sender and intended recipient can access the message.