If you send or receive any ePHI (electronic protected health information) via email, then HIPAA compliance is crucial. It protects ePHI both during transit and in storage, and ensures that it is secure from unauthorized access by any user or third-party.
The HIPAA Security Rule is clear: HIPAA Compliant Email must be kept confidential in all situations, including emails. And even if you send an email that has an email disclaimer, you are still responsible for its security.
For organizations that want to keep their email secure, there are several HIPAA compliant email encryption services available. Some are free for third parties while others charge an annual premium fee above and beyond their monthly user fees.
One of the best options is Virtru, which offers both free and paid solutions for organizations. It’s a cloud-based platform that allows you to protect sensitive data across email, file sharing, and other applications.
Virtru’s HIPAA compliant email encryption service is simple to set up and use, and comes with a variety of features to keep your data safe and secure. You can revoke messages, see where they’re forwarded, and set message expiration dates.
Virtru also has a web portal and an app for Android and iOS devices. Using their email client is easy, and they even offer a free trial to try out their solution.
2. Hushmail for Healthcare
Hushmail for Healthcare is a HIPAA compliant, encrypted email and secure e-document solution that’s easy to use. It’s cost-effective, offers a signed Business Associate Agreement (BAA), and has additional functionality beyond email, such as secure web forms and a private message center.
The company offers three simple, straightforward plans that are ideal for small businesses and freelancers: a Small Business plan, Law plan, and Nonprofit plan. Each one includes standard encryption features and a 10GB storage limit.
Another unique feature is that Hushmail automatically creates an archive account that keeps records of all emails sent or received by users in your domain, which can be useful in case of an audit.
It also enables you to search for contact information in a way that’s more intuitive than many other email services. This makes it easier to keep track of clients and patients by ensuring they’re always in the right place. It even has an import feature that migrates contacts from other email providers in CSV format.
G Suite is a powerful set of tools that make collaborating on projects and documents easier. It offers email, chat, calendar, and document sharing. It also comes with Google Drive, which is a cloud storage application that allows you to organize and store your files online.
You can sign up for a free trial of G Suite or buy it on a monthly basis for $6-12 per month for each user. It includes a lot of features and is a good alternative to Microsoft Office 365.
In addition, GSuite is HIPAA compliant and can help you store your clients’ PHI securely. However, you must sign a Business Associate Agreement with Google to ensure the security of your client’s data.
Gmail is a popular email service with over one billion users worldwide. It can be an intimidating tool for newcomers, but it’s easy to use and works well for most people.
LuxSci is a HIPAA compliant email service provider that offers secure cloud-based communications solutions for companies that need to securely send high volumes of emails. Its solutions include sending HIPAA-compliant email, securing business-critical email, and managing web hosting and compliance for web applications.
LuxSci uses Oracle Cloud Infrastructure to deliver dedicated compute infrastructures to its customers, enabling them to run their core services at scale without the security risks associated with public clouds. This helps them provide secure, fast, and reliable email and web services at scale to their customers.
For organizations that need to communicate with people quickly and efficiently in the midst of the SARS-CoV-2 pandemic, LuxSci is offering a free service for bulk COVID-19-related email communication through October. Its service includes encryption, access restrictions, login audit trails, tamper-proof archiving, and message recall.