Meeting HIPAA IT compliance requirements
For IT teams in healthcare organizations, HIPAA IT compliance must be a top priority. The Healthcare Insurance Portability and Accountability Act, or HIPAA, provides strict regulations for privacy and security in healthcare, with significant penalties for organizations that fail to protect patient data.
The challenge for healthcare IT teams is putting security measures in place to defend against all of the threats to protected health information (PHI). Organizations must defend against data leaks, both malicious and inadvertent, as well as the ransomware attacks that have increased significantly in recent years. For HIPAA IT compliance, organizations must also deal with HIPAA requirements for email encryption to prevent the theft of patient data.
IT teams can address HIPAA IT compliance and other healthcare industry cyber security needs with a variety of best-of-breed point solutions from multiple vendors. But this approach adds complexity and cost to the task of protecting organizations and patient data. For IT teams that want to simplify HIPAA IT compliance with a cost-efficient solution, Mimecast has the answer.
Ensure HIPAA IT compliance with Mimecast
Mimecast provides email security, archiving and continuity solutions in a leading cloud-based subscription service that helps organizations manage and protect email more easily. As a fully SaaS-based solution, Mimecast can be implemented quickly without capital costs and can scale easily to address changing business needs.
Mimecast's comprehensive solutions provide a multi-layered approach to email management and security. In addition to enabling HIPAA encrypted email, Mimecast improves healthcare cloud security with Targeted Threat Protection services to defend against advanced threats like spear-phishing and ransomware, and email continuity solutions that enable users to continuously access email and attachments during outages. Mimecast also provides a leading email archiving solution that delivers fast access to email archives and simplifies email retention.
Mimecast Solutions for HIPAA IT compliance
To ensure HIPAA IT compliance, Mimecast provides a Secure Messaging service that allows users to securely send encrypted messages. To initiate encryption, users only need to select Send Secure in their email client before sending a message. Rather than being delivered directly to the recipient, email and attachments are uploaded to Mimecast's secure cloud where they're stored in an AES encrypted archive after being checked for malware. Recipients can access messages via Mimecast's secure portal, where they can also reply to email and compose new messages.
Mimecast also enables organizations to achieve HIPAA IT compliance by automatically encrypting messages when the content, recipient or recipient's domain match certain administrato-defined policies.
Learn more about HIPAA IT compliance and Mimecast, and about Mimecast solutions for LDAP authentication.
FAQs: HIPAA IT Compliance
What is HIPAA IT compliance?
The Health Insurance Portability and Accountability Act (HIPAA) establishes regulations for governing the privacy and security of protected health information, or PHI. In addition to requiring physical and administrative safeguards, HIPAA requires that IT organization establish technical safeguards to ensure the confidentiality, integrity and availability of electronic PHI, and to protect it from hazards, threats and unauthorized use and disclosure. HIPAA IT compliance involves the steps taken by organizations to meet these technical standards.
What does HIPAA IT compliance mean for email?
To achieve HIPAA IT compliance for email, organizations must adopt solutions to:
- Protect PHI in email at rest and in transit.
- Control access to PHI in email.
- Authenticate PHI in email, determining whether PHI has been altered or destroyed in an unauthorized way.
- Provide activity logs and audit controls that record attempts to access PHI and how PHI is used once it is accessed.
How to achieve HIPAA IT compliance for email?
Ensuring HIPAA IT compliance with regulations to protect PHI in email can be accomplished through by using encryption technologies. Organizations may also employee secure messaging portals that use encryption in conjunction with secure applications that require users to login to send and receive messages. To achieve HIPAA IT compliance with rules that require 100% message accountability, organizations can adopt email archiving solutions that can ensure email integrity and provide audit trails of email access.
Does Gmail ensure HIPAA IT compliance?
The Gmail platform does not guarantee HIPAA IT compliance. Organizations that wish to use Gmail for communicating PHI have the option of sending email through Google’s GSuite platform, which enables Google to sign a required Business Associate Agreement. Organizations will also need to contract with a third-party provider that can provide encryption for email with PHI sent through GSuite.
Does Outlook deliver HIPAA IT compliance?
Outlook software that is installed on individual desktops and laptops is capable of achieving HIPAA IT compliance, as long as the device itself and the user’s email provider are also HIPAA compliant. For organizations using Outlook as part of Office 365, HIPAA IT compliance can be achieved by configuring Outlook properly. Email that is sent through Outlook.com, however, is not HIPAA compliant.
