What is HIPAA Compliant Email? (Does your email support TLS?)



As a healthcare app developer, you must figure out how to keep the data inside your application safe. But there may be situations where patient data must be transmitted through other means, such as email. Our friends at Paubox have put together an overview of what you should know about HIPAA-compliant email.


Written by Arianna Etermadieh, Inbound Marketing Specialist at Paubox

Email is one of the most popular forms of communication today. As the healthcare industry moves away from faxing, protected health information and other important personal details are becoming regularly shared over email. To ensure this sensitive information is properly protected, HIPAA compliant email was born.

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Any organizations dealing with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

These organizations include Covered Entities (anyone who provides treatment, payment and operations in healthcare) and Business Associates (anyone with access to patient information and provides support in treatment, payment or operations).

As a result, email communication between Covered Entities and Business Associates must be encrypted and secure in order to be HIPAA compliant.

How do you enable HIPAA compliant email?

In order to make sure your organization has HIPAA compliant email, you need to be sure you have processes and workflows in place to ensure your staff is properly trained on HIPAA compliance. .

In order to enable secure email, let’s remember how email works. Email transmits through the internet using Simple Mail Transfer Protocol (SMTP), which has been around since 1982.

However, like with any popular technology, people try and decrypt emails regularly to gain personal information that they can use for profit, whether through ransomware or selling private information on the dark web.

In an attempt to protect against these hackers, Transport Layer Security (TLS)< encryption was created.But considering TLS is a protocol, both mail servers need to have TLS in order for the encryption process to work.

To check if a message was encrypted with TLS, look at the email headers. Or, check within seconds using a Secure Email Checker.

Email security depends on encryption

TLS encryption alone does not make your email HIPAA compliant. TLS can fail, and then your personal information is left wide open for snoopers. As a result, the most common way messages are encrypted is through Pretty Good Privacy (PGP) data encryption.

In order to ensure email security, you need a key for every single person you contact. But this isn’t exactly the most efficient method considering how vital email is in modern business.

An email portal can take care of complex encryption needs, but again requires extra steps for users.  Many healthcare providers use portal systems as a way to secure messages that contain sensitive information.

Unfortunately, portals aren’t practical for everyday business needs either as it requires too much of a barrier for recipients of email, especially if they try to view messages on a mobile device. Popular webmail clients like Yahoo and Gmail are also versions of an email portal, but consumer email providers can’t provide the security necessary for regulatory compliance.

Regardless of which email encryption method you choose, it is important that you choose a solution that’s best for your business. HIPAA compliant email encryption is not just for healthcare alone – many industries can benefit from securing their data. Keeping proprietary information safe can make sure you keep your strategies and intellectual property confidential.

Overall, patient data or any other protected health information sent over email or shared via software must be HIPAA compliant. With the right service, enabling secure HIPAA compliant email can be easy and seamless.

Was this article helpful? Subscribe below to learn more about MedStack and get tips delivered straight to your inbox.

About Paubox

Paubox is the easiest way to send and receive HIPAA compliant emails. No plugins, no passwords, no extra steps. Just secure email for senders and recipients. Paubox is based in San Francisco, CA.