How Hushmail supports HIPAA compliance: encrypting email

This is the first blog post in a series that describes how Hushmail for Healthcare supports HIPAA compliance for your healthcare practice.

Every day, as a practice owner, you communicate with your patients, medical professionals, and other healthcare providers about your patients' care. Technology has made communication easier, faster, and more reliable. However, when it comes to sensitive patient health information, the Health Insurance Portability and Accountability Act, known as HIPAA, imposes restrictions on practitioners, requiring that you take steps to protect the confidentiality of your patients' electronic health records. Hushmail is an ideal email service for practice owners, as it allows you to take advantage of the benefits technology provides for communication, and also helps you to stay in compliance with HIPAA.

Who is required to comply with HIPAA?

Covered entities are required to comply with HIPAA. “Covered entities” are defined as health plans, health care clearinghouses and health care providers who electronically transmit health information for which the Department of Health and Human Services has adopted standards. As a healthcare practitioner, you are a covered entity.

What does HIPAA require?

HIPAA stipulates that covered entities are required to implement technical safeguards for the “electronic protected health information” of their clients and patients. These technical safeguards can be implemented by using a service provider such as Hushmail that will encrypt your email.

The actual language, in section 164.306 of the U.S. Code of Federal Regulations, states that covered entities and business associates must:

Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.

While HIPAA doesn't specify exactly what safeguards are required, protecting email is a top priority, since it is the main method of electronic communication in use today, embraced by healthcare practitioners, plans, providers and patients. The Department of Health and Human Services website is a useful resource for additional information.

Email encryption with Hushmail

Hushmail has been designed to support healthcare providers in their efforts to be HIPAA-compliant. One of the primary ways we do that is by providing a secure, encrypted email service, to help you safeguard client or patient information you transmit, receive and maintain.

With Hushmail, any emails you send to another Hushmail user are automatically encrypted. Sending an encrypted email to someone who does not use Hushmail is as easy as checking the Encryption box as you’re typing an email, then choosing a secret question and answer for the recipient to fill in. Whether you’re using webmail or our iPhone app, the process is equally simple. When the recipient receives your email, they are taken to a secure website where they can read your message, download any attachments and respond with a secure, encrypted email of their own.

It’s worth noting that while Hushmail makes it possible to encrypt emails, it is up to our customers to add encryption to messages containing personal healthcare information. But Hushmail makes it easy.

Our Hushmail for Healthcare plans come configured for HIPAA compliance right out of the box. Learn more about how our healthcare plans can help you be HIPAA compliant.
