The standards established for HIPAA compliant email require safe and secure methods of transmitting ePHI (electronic Patient Health Information).
The HIPAA requires that all communication mediums used in the transfer of ePHI provide safe and secure methods of transmission.
Standard email communication is provided by gmail, hotmail, yahoo and ISP email services over the Internet with no methods of securing the content from interception. Other information, such as usernames, passwords and attachments that are associated with email messages, is as vulnerable to interception as the content of email messages. As such, standard email messages and associated information are vulnerable to compromise by third parties.
In order for healthcare providers and their business associates to safely transmit ePHI via email, they must incorporate a HIPAA compliant email service in their IT infrastructure. This type of service requires data encryption using secure servers in order to protect transmitted information.
Healthcare providers have the option of developing their own secure, encrypted HIPAA email service or they may choose among the many HIPAA compliant email providers. Healthcare providers who develop their own systems have the responsibility of encrypting and decrypting ePHI to keep it secure. The requirements for secure HIPAA email transmissions only apply to healthcare providers and their business associates who are defined as HIPAA covered entities. Patients who make use of the services offered by healthcare providers are not required to communicate using secure email. A viable email service provider will have the ability to encrypt information and data sent by patients and other approved sources of insecure email as soon as the information reaches their servers and then have the capability to secure all further communications using their servers.
WHO WE ARE
Do you need or want to double check if your email at the office is HIPAA compliant?