HIPAA-compliant secure email

HIPAA-compliant secure email refers to email services that meet the security and privacy standards set by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA requires healthcare providers, health plans, and healthcare clearinghouses to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI).

To be considered HIPAA-compliant, a secure email service must meet the following requirements:

  1. Encryption: The email service must use end-to-end encryption to protect the confidentiality of ePHI, so that only authorized parties can read the message content.
  2. Authentication: The email service must use strong authentication methods, such as two-factor authentication, to ensure that only authorized individuals can access the email account.
  3. Access controls: The email service must have robust access controls, such as role-based access control, to limit access to ePHI to authorized individuals.
  4. Audit logs: The email service must maintain audit logs to track access to ePHI and detect potential security breaches.
  5. Business associate agreement: The email service must have a business associate agreement (BAA) in place with the healthcare providers and other covered entities it serves, so that both parties are aware of their responsibilities under HIPAA.

Some popular HIPAA-compliant secure email services include:

  1. ProtonMail: A Switzerland-based email service that uses end-to-end encryption and has a BAA in place.
  2. Tutanota: A Germany-based email service that uses end-to-end encryption and has a BAA in place.
  3. Hushmail: A Canada-based email service that uses end-to-end encryption and has a BAA in place.
  4. ZixCorp: A US-based email service that uses end-to-end encryption and has a BAA in place.
  5. Lumin: A US-based email service that uses end-to-end encryption and has a BAA in place.

When selecting a HIPAA-compliant secure email service, healthcare providers and other covered entities should consider the following factors:

  1. Security features: Look for services that use end-to-end encryption, two-factor authentication, and robust access controls.
  2. Compliance certifications: Verify that the service has obtained relevant compliance certifications, such as HIPAA/HITECH Act compliance.
  3. Business associate agreement: Ensure that the service has a BAA in place and that it is willing to sign a BAA with your organization.
  4. Customer support: Look for services that offer 24/7 customer support and have a reputation for being responsive to customer needs.
  5. Pricing: Consider the cost of the service and whether it fits within your organization's budget.

By using a HIPAA-compliant secure email service, healthcare providers and other covered entities can help protect the confidentiality, integrity, and availability of ePHI and comply with HIPAA regulations.