Many email services claim to be HIPAA-compliant, but an unsettling number may only loosely meet federal law. It’s an understatement to say that not all HIPAA-compliant email services are created equal.
If any of the following resonates with you, use the information below to help you choose a secure email service that provides the protection of full HIPAA compliance, speeds your workflow, and reduces cost.
I thought spam was just annoying, but I just got hacked.
Stopping criminals at the front door is far more effective than trying to neutralize them once they’re inside.
Spam and phishing attacks are the primary ways cybercriminals target dental practices, so your email service needs to stop imposters from infiltrating your PHI-relevant inbox.
The DIRECT Protocol is a standard that verifies the sender of an email is a nationally registered healthcare provider. It therefore ensures your PHI-relevant inbox only contains messages from verified providers, or from others you have invited. The most secure cloud-based services will be built on the DIRECT Protocol, which is the federal government’s preferred standard for exchanging Electronic Protected Health Information (ePHI).
It’s free, and it claims to be HIPAA-compliant.
Many email services offer low or no-cost service, and claim compliance. Remember, you often get what you pay for.
At the “free” level, many of these services provide encryption as the only protection. Encryption is critical, because it makes it harder for a cybercriminal to intercept and open a message that’s traveling across the internet. But encryption alone doesn’t cut it; it’s just one of the compliance requirements.
In order for an email service to be HIPAA-compliant, each of six specific federal requirements must be met.
Make certain your email service:
- Authenticates recipients using the DIRECT protocol.
- Controls access with auto log-offs (and more).
- Transmits securely using 2048-bit encryption.
- Keeps copies of unaltered records, storing your files in highly secure, private server centers (to prevent tampering).
- Provides an audit trail for every message, so you can produce it immediately if audited.
- Securely stores your ePHI for six years to prevent damage, loss, or theft.
I can’t attach a large imaging file.
Hate the sight and sound of the ERROR message telling you your attachment is too big? A comprehensive HIPAA-compliant service won’t restrict you to a certain size or the number of files allowed in an attachment. Talk with your cloud service to make sure it offers a flexible service without file size limits at no additional cost.
I spend a lot of time logging in and out of various windows.
Here’s a tip to speed your workflow. Find a cloud-based service that integrates your regular email (e.g., Gmail, Hotmail, AOL) into the same interface as your HIPAA-compliant email. One login will show you all your email options. Adding this functionality to a robust cloud-based practice management system will mean an end to window hopping.