How to Send HIPAA Compliant Email.

Why do we need to send HIPAA Compliant Emails?

It is a common misconception that all email is secure and therefore that every message we send is HIPAA compliant. If you use an email service provided by your internet provider or a free email service such as Yahoo or Gmail, these are not secure and do not meet the requirements of HIPAA. You need to use a service that is HIPAA approved. Using an insecure service exposes you and your company to possible sanctions.

How Do Secure Email Systems Work?

There are a variety of ways in which you can ensure that you send HIPAA compliant emails. First, you have to sign up for a service that is specifically HIPAA compliant. There are services that offer encrypted email but not to the standard required for HIPAA compliance. Some HIPAA compliant services secure your emails once they reach the provider's servers; others encrypt the email before it leaves your computer. Some offer a service that can only be used between two computers that are attached to the service provider's system. There is a multitude of providers and systems.

Which is the Best?

There are pros and cons with whichever system you choose. The answer depends on what you really need in order to operate in the way that suits your business best. With the systems that encrypt at your computer before the email is sent, you will need either to send to customers of the same service or to give the recipients a secure email box that uses your domain name. If you are sending secure emails to a limited number of recipients outside your organization, this may work well.

Does Every Email I Send have to be Encrypted?

The short answer is no: not every email you send has to be a HIPAA compliant email. Your emails only have to be encrypted if they contain electronic protected health information (ePHI). There is an exception to that rule as well. If a patient requests that you send them some ePHI via email, and you are sending the information directly to that patient, you need to make the patient aware that the information you are sending is not encrypted. If the patient agrees and still wants the information, you may send it unencrypted. You need to make a note that you have given the patient this warning and that they agreed.

What if I Don’t Encrypt my Emails?

If you are caught not sending HIPAA compliant emails, there are various sanctions that can be taken against you. Fines range from $100 for the most minor of breaches up to $250,000 plus up to 10 years imprisonment for the most serious and flagrant breaches. All this can be avoided by taking a little time to make sure that all your emails are encrypted.
