There’s no simple answer or single factor that makes email HIPAA-compliant. Instead, it requires the assurance of both security and privacy when it comes to protected health information (PHI) and electronic health records (EHR) sent via electronic mail.
There are a few key things to understand when it comes to HIPAA-compliant emails.
- Emails with PHI should not be sent unless encrypted. You can encrypt either the body of the email or attachments, depending on where PHI is stored. Patient-initiated emails do not share this same requirement, nor do emails shared within a healthcare organization.
- PHI should absolutely never be sent through a personal email.
- Internet-based email providers like Yahoo, AOL, Hotmail and more are not inherently HIPAA compliant.
- Business Associate Agreements (BAA) only cover data while it is held on the business associate's server. Your organization remains responsible for the rest of the message's journey (the risky part, in transit and at the endpoints). That's why end-to-end encryption is best.
- There are five* HIPAA compliance regulations that must all be met, on top of everything mentioned above.
The bottom line is, your organization is responsible for protecting any PHI sent via email.
Bear in mind, not all HIPAA-compliant email platforms are equally capable or equally safe. The right encrypted HIPAA-compliant email solution will offer smart security, compliance, and cloud-based features to make your email an asset to your practice.
*There are six requirements in the linked article. Encryption, listed above, is one of the six: "Transmit securely".
iCoreExchange provides encrypted cloud-based, HIPAA-compliant email along with a built-in referral network and unlimited attachments. Book your free demo and access significant member discounts.