This post is the beginning in a series of posts about HIPAA compliant email. Despite what you may have read elsewhere, it is possible to have 100% encrypted email and use it in a HIPAA compliant manner.
A friend of mine recently told me about his dealings with a medical company in the San Francisco area. He went in for a blood test and they emailed him, in cleartext, his blood test results and preliminary analysis. Since he didn't sign a waiver, this is a big no-no for HIPAA compliance. When I checked out their website, I discovered they have offices not only in SF, but in New York, Washington DC, Boston, Chicago, and Los Angeles. Yikes! If they are sending protected health information (PHI) via unencrypted email in the Bay Area, I can only imagine they are likely committing HIPAA violations across the nation.
As a general rule, PHI must be transmitted in an encrypted state to be HIPAA compliant (in motion). Naturally, there's a lot more to the HIPAA Security Rule for digital information than this, but this is a very important component.
We've taken a unique approach to encrypted email- we encrypt all of your email, for every user and every device. If you are a covered entity and face HIPAA compliance hurdles, how much would it mean to you to have all of your outbound email be HIPAA compliant in minutes? We can help you do this.