HIPAA Compliance for Email

Keep all communications secure and HIPAA compliant

When regulations within the Health Insurance Portability and Accountability Act (HIPAA) were enacted by the Final Omnibus Rule in 2013, the matter of HIPAA compliance for email was discussed as a possible security problem. As all electronically-stored patient health information (ePHI) now has to be encrypted, it was questioned whether the encryption was sufficient to maintain HIPAA compliance when sending emails.

The question of whether sending emails with ePHI complied with HIPAA regulations was complicated further by the classification of the HIPAA compliance for email regulations as “addressable” (rather than “required”). In order to address the questions that have been raised about HIPAA compliance when sending emails, we have produced a white paper which can be downloaded free of charge from this page.

The information below aims to answer many of the questions relating to emails and HIPAA regulations, but it is recommended that this article should be read in conjunction with our white paper – “Top 10 Considerations when Selecting a Secure Messaging Solution”.

Emails and HIPAA Regulations

According to the US Department of Health and Human Services website, the revised rules about HIPAA compliance when sending emails do not prohibit the use of emails when sending ePHI, and at first reading, the regulations regarding HIPAA compliance for email would suggest sending encrypted ePHI by email is acceptable – although it would be necessary for both the sender and the recipient to have the same encryption software.

However, organizations are now required to introduce policies and procedures to guard against unauthorized access to ePHI, and should be aware that copies of emails containing ePHI are stored on routing servers – with no means of deleting them remotely should an unauthorized party with the same encryption software gain access to them.

Therefore, the issue of how to maintain HIPAA compliance for email communications still exists. Furthermore, even though the new legislation categorized HIPAA compliance when sending emails as an “addressable” regulation, it was not intended that sending emails within the HIPAA regulations should be “optional”, and it is an issue that organizations have to deal with if they are to avoid severe financial penalties should a breach of ePHI occur.

How to Ensure HIPAA Compliance for Email

Secure messaging systems operate in exactly the same way as SMS or email, with the functionality to attach documents, test results and images, but usage is centrally monitored so that it adheres to policies relating to communicating ePHI and the HIPAA regulations.

One of the major benefits of transmitting ePHI via secure messaging systems is that the systems are compatible across multiple mobile devices and platforms. Healthcare professionals and third-party healthcare service providers can each communicate via their personal smartphones, PDAs, laptops or tablets without the risk of an ePHI breach.

Case studies have shown that organizations have maintained HIPAA compliance for email by integrating a secure messaging system, and that secure messaging has helped reduce costs and increase efficiency – which has resulted in higher standards of healthcare provided to patients. The benefits from secure messaging include:

  • Enhanced nurse to doctor communications
  • Faster delivery of critical lab results by laboratory technicians
  • Immediate retrieval of ePHI “on-the-go” for medical professionals
  • Efficient patient hand-offs by hospital administrators
  • Accelerated resolution of patient concerns by home healthcare and emergency clinicians

TigerText's Secure Messaging System

TigerText's secure messaging system surpasses the regulations for HIPAA compliance when sending emails by utilizing a cloud-based “on demand” application. The application has been deliberately designed to be compatible with existing practices and policies, so that no dedicated training is required in order for authorized users to understand how to maintain HIPAA compliance for email.

The application is capable of automatically updating patients' Electronic Medical Records, and of providing read receipts and audit logs to assist system administrators with monitoring the use of emails within HIPAA regulations and to ensure HIPAA compliance when sending emails.

In order to be certain that your organization obtains the maximum benefit from a secure messaging system, it is recommended that you download and read our “Top 10 Considerations when Selecting a Secure Messaging Solution” or contact us with any questions you may have about how to maintain HIPAA compliance for email communications within your organization.