Protecting patient data requires HIPAA compliant email technology
For healthcare organizations, adopting HIPAA compliant email technology not only simplifies compliance but can streamline the tasks involved in protecting patient data from security threats as well as malicious and inadvertent data leaks.
HIPAA, or the Health Insurance Portability and Accountability Act, provides a set of standards for organizations as well as vendors and partners that may need to access protected health information (PHI) and personally identifiable information (PII) during the process of delivering care. Because email is so ubiquitous in healthcare communications and because it is constantly under attack from malicious individuals seeking to steal lucrative patient data, HIPAA security rules stipulate that organizations must take steps for protecting PII and PHI in email.
A HIPAA compliant email system must control access to email data through proper authentication, protect the security of email during transmission, ensure that email data is not improperly altered or destroyed, and maintain audit controls that record the access and use of data in email.
When seeking to quickly and easily implement HIPAA compliant email technology, more healthcare organizations turn to solutions from Mimecast.
HIPAA compliant email solutions from Mimecast
Mimecast provides a cloud-based subscription service that delivers HIPAA compliant email solutions for security, archiving and continuity. As a SaaS-based service, Mimecast can be implemented quickly and cost-effectively throughout an organization, with no hardware or software to purchase, install or maintain.
Mimecast provides HIPAA compliant email technology with services that include:
- Encryption. Mimecast Secure Messaging makes encryption easy and automatic, allowing users to protect and send email containing sensitive material without requiring knowledge of complex encryption methods or having to manage encryption keys. Secure Messaging can also automatically encrypt messages when Mimecast identifies that a message may contain sensitive material or protected health information.
- Threat protection. Mimecast blocks access to potentially malicious URLs and attachments in email to stop the spread of threats like ransomware, spear-phishing or a man in the browser attack.
- Content control and data leak prevention. Mimecast scans all email to identify potential leaks and blocks or quarantines suspicious messages.
- Archiving. The Mimecast Cloud Archive provides a central repository for email data with tools that simplify and streamline email retention and policy management.
Advantages of Mimecast HIPAA compliant email services
With HIPAA compliant email technology from Mimecast, you can:
- Reduce the cost and complexity of protecting patient data in email.
- Implement a HIPAA compliant email solution quickly, with no upfront capital expense.
- Provide administrators with tools that simplify management of healthcare compliance solutions, improve litigation readiness and minimize the administrative burden of responding to compliance and legal inquiries.
FAQs: HIPAA Compliant Email
What is HIPAA compliant email?
HIPAA compliant email refers to email messages that are sent in compliance with regulations in the Health Insurance Portability and Accountability Act (HIPAA) that govern the use of email for communicating protected health information, or PHI. HIPAA regulations require that email containing PHI to be protected as it is transmitted electronically to recipients and that organizations have policies and procedures in place to restrict access to, protect the integrity of and guard against unauthorized access to PHI in email. In addition to protecting email in transit, HIPAA regulations require 100% message accountability through access, integrity and audit controls.
How to make email HIPAA compliant?
While there is no single formula for creating a HIPAA compliant email, there are a number of steps that organizations can take to ensure compliance with HIPAA regulations.
- Encryption technologies or secure messaging portals can successfully protect email in transit. Encryption makes an intercepted email unreadable, while secure messaging portals combine encryption with secure access protocols that add additional layers of protection.
- Email archiving solutions can help organizations fulfill the requirements for access, integrity and audit controls, and make it easy to produce email for legal discovery or compliance audits.
What is a violation of HIPAA compliant email regulations?
Actions that may violate regulations concerning HIPAA compliant email and protected health information (PHI) include:
- Failing to protect PHI with encryption, secure messaging or other technologies that prevent unauthorized access.
- Emailing unprotected or unencrypted personal health information without patient consent.
- Sending email without a Business Associate Agreement with your email provider that ensures they are also in compliance with HIPAA.
- Failing to provide audit trails that document access and ensure integrity of email containing PHI.
Is Gmail a HIPAA compliant email service?
The Gmail platform does not automatically enable HIPAA compliant email. To achieve HIPAA compliance with Gmail, organizations need to use a third-party encryption provider and to send email through Google’s GSuite, which enables Google to sign the Business Associate Agreement required by HIPAA regulations.
Is Outlook a HIPAA compliant email service?
Email accounts managed through Outlook.com are not HIPAA compliant. Outlook that is included with Office 365 may be a compliant when properly configured. And Outlook installed on a laptop or desktop can also be HIPAA compliant, providing that the computer on which the software is installed and the user’s email provider are capable of managing HIPAA compliant email.