Listing 4 Results for “Email Services”
The free version of Gmail that most people use is not HIPAA compliant on its own, but Google’s G Suite can be HIPAA compliant. G Suite includes Gmail, Google Calendar, and Google Drive, just like the free version, but it also includes security features that, once configured, make G Suite HIPAA compliant. Once you’ve made your G Suite account HIPAA compliant, your connected Gmail account will be HIPAA compliant as well. Gmail is the most widely used email service around, with 1.5 billion users worldwide, an increase of 500 million users just since 2016. The ubiquity and familiarity of Gmail make it an appealing option for healthcare companies. HIPAA sets strict standards for protecting patient confidentiality and health information. Sending HIPAA-compliant emails requires training staff to use technological safeguards. Your email provider may follow HIPAA regulations, but that doesn’t automatically make your emails secure.Every employee must understand how HIPAA applies to their email. Your staff needs training in everything from encrypting sensitive emails to ensuring they’re sent to authorized recipients. Ongoing training is necessary as healthcare workers are often targeted by phishing and other email attacks. Recent breaches have compromised the sensitive personal data, such as Social Security numbers and financial account information, as well as the PHI of hundreds of thousands of patients. Continuous training improves the chances your employees will thwart phishing scams before they cause any damage. Your business needs a straightforward, step-by-step process to help staff comply with both HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Now that we’ve considered the importance of strong training and policies, it’s time to take a look at the technical side of things. You need a signed business associate agreement (BAA) with every third party that could access the PHI in your custody. Using an email provider is no different. A BAA ensures that your business associate understands how they can use PHI and what security measures are required. The fundamental risk of transmitting PHI via email is that unauthorized people could gain access to that data. HIPAA-compliant email services should have strong security features or allow third-party plugins that provide the needed security. Access must be restricted to only those who need the information. Never print emails that contain PHI. These emails should be visible only to the sender and the recipient. Using end-to-end encryption and access controls ensures that ePHI doesn’t fall into the wrong hands. Google will sign a BAA with healthcare companies that use G Suite but not until all security protocols are in place. Using G Suite to transmit or store PHI before you have the BAA is a HIPAA violation.
The free email platform offered by Microsoft, Outlook.com, isn’t built to handle ePHI securely and isn’t HIPAA compliant. However, Outlook can be used as a HIPAA-compliant service with a paid Office 365 subscription and additional client-side encryption. For HIPAA compliance, users must be on one of the following plans: Office 365 Business Premium, Office 365 Business Essentials, Office 365 ProPlus, Office 365 Enterprise E1, Office 365 Enterprise E2, or Office 365 Enterprise E3.
Virtru provides HIPAA-compliant data protection services that encrypt email and files to protect confidential patient health information (PHI). HIPAA defines specific technical standards for data encryption, and Virtru meets or exceeds these standards at all times. Encryption protects files while they are in transit and at rest.Additionally, Virtru provides administrative controls for managing emails, photos, videos, PDFs, and Office files. You can manage authorization to allow or disallow users to access specific content and types of content. Tracking and monitoring features provide real-time protection for patient information.Other HIPAA-compliant security features include forwarding restrictions and the ability to revoke messages after they are sent. When sharing information between patients and colleagues, the content is always protected, private, and audit-ready.Virtru offers client-side email encryption if you’re using the plugin with on-device encryption. When creating information on the device, the protection occurs immediately (before distribution). Advanced controls allow end-to-end encryption, so patient information is always safe.Virtru can integrate end-to-end encryption in Gmail. Google will sign a BAA and ensure protection for content within your email account. But privacy control isn’t available when the data leaves the Gmail ecosystem. Virtru offers an extra layer of security to strengthen privacy controls after email leaves your inbox. When using Virtru and Gmail together, you must have a signed Business Associate Agreement (BAA) from both providers.All Virtru services meet or exceed technology standards required for HIPAA compliance. Virtru is willing to sign a (BAA) for customers on most of its paid plans. BAAs aren’t available if you are an unpaid user with a Personal Privacy account. If you need a signed BAA, purchase a paid plan and contact the support team to receive this HIPAA-compliant documentation. It usually takes one to two weeks to receive the countersigned document. You should not enter patient health information in the system until this document is signed.
Even though ProtonMail isn’t designed specifically for the healthcare industry, it offers security features healthcare organizations can use for protected health information (PHI). ProtonMail includes a HIPAA compliance statement on its website that assures HIPAA-covered entities the company will do its part to protect patient data.Privacy and security features include end-to-end encryption and zero access data management. The service uses 4,096-bit RSA encryption for all stored communications. World-class data centers provide physical security for all data backups. The server hardware is located in Switzerland where the servers use fully encrypted hard disks, including multiple password layers in case the hardware is removed from the data center.If a user’s device is stolen or lost, a remote wipe feature protects PHI. Account owner authorization gives healthcare organizations control over who can access the information. Automated virus checking and data backups are standard. There is also a sophisticated monitoring system.ProtonMail employees don’t have access to PHI. Since the encryption is zero access, ProtonMail employees can’t read a user’s encrypted data. As part of the employment contract, each employee signs a confidentiality agreement.At the end of a contract with ProtonMail, the company deletes all of an organization’s data from its servers. ProtonMail doesn’t store paper copies or printed reports in its facilities.ProtonMail offers a signed BAA for all accounts, including its free plan. Healthcare organizations can request a signed copy by emailing email@example.com and using the email subject line: “HIPAA BAA.”