How Choose to the Right HIPAA Compliant Email Provider For Your Private Practice

Kalix’s Messaging functionality allows you to securely communicate clients and contacts. Messages can be automated to remind and notify about upcoming appointments, as a reminder to pay outstanding bills, to collect client information via online forms and electronic paperwork), to communicate with other healthcare providers, as well as on an ad hoc basis.

It is important to note, that the sending, receiving and storage of any Protected Health Information is subject HIPAA Compliance. Hence, when choosing your practice’s email provider, HIPAA Compliance must be at the top of your checklist for requirements.

There are lots of solutions out there, we suggest that your number one priority should be when choosing a solution, is to select the product from a company that will enter into a business associate agreement with you. By entering into a business associate agreement, the company takes responsibility for the privacy and security of email storage and transmission. If a breach happens, they are legally responsible, not you.

Relating to security, the larger companies are often the best, as they have the most money to spend on technology and infrastructure. They can also be the most affordable. Below are some options what we recommend:

Microsoft Office 365

Office 365 has security certifications for HIPAA compliance such as FISMA, ISO 27001, and SSAE 16. They will enter into a Business Associate Agreement with you, click here for further details. You can pay for full access to Microsoft products including Word, Excel, PowerPoint, OneNote, Outlook, Publisher, and Access. Office 365 is compatible with PCs or Macs, tablets and smartphones. Alternatively, you can just pay for an email only plan. Click here for more info.

Google

Similarly, Google has the security certifications for HIPAA compliance and will enter into a Business Associate Agreement with users that have an Administrator account with Google Apps.The BAA covers services including Gmail, Google Calendar, Google Drive, and Google Apps Vault services (Google’s online documents, spreadsheets, and presentations). For more info, please click here.

Others

There are many other solutions out there. We highly recommend you read the following review of HIPAA compliant email services, click here to read.

Important Note

Regarding email security breaches, most are related to the hacking of email passwords. Emails solutions will not cover you if this happens. We have written an article about password security it is worth a read, click here to view.

It is also worth knowing that HIPAA does not prohibit the use of email to transmit electronic protected health information (ePHI). Instead, the HIPAA Security Rule requires covered entities (you) to implement administrative, physical and technical safeguards if engaged in the transmission of ePHI (email). A big part of this is getting your clients’ to sign a consent form (or Privacy Notice) before sending PHI via email.

One thought on “How Choose to the Right HIPAA Compliant Email Provider For Your Private Practice”

Leave a Reply

Your email address will not be published. Required fields are marked *