HIPAA secure email refers to the recommendations issued as part of the HIPAA Security Rule, which sets out mandates for securing Protected Health Information (PHI). As part of these recommendations, it is vital to identify outbound emails that contain PHI. One of the easiest ways of doing this is to include an Email Notice in PHI-centric emails. This notice underlines the sensitivity of the information transmitted in the email.
Secondly, email messages containing PHI should not be addressed to non-healthcare entities or non-covered entities unless the recipient ID has been purposefully added to the automated forwarding mechanism used in the workplace.
Thirdly, electronic messaging of patient information between patients and providers should be initiated only after obtaining consent from the patient. This is referred to as Informed Patient Consent for Electronic Messaging.
Fourthly, it is vital to ensure that the recipient address (to whom the email is addressed) is the actual, intended email address. For this, covered entities can use electronic messaging software that provides comprehensive SSL/TLS encryption. Such a system ensures that the transmission of email messages is secured and headed only to the intended recipients.
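The four recommendations above can be enforced as a single pre-send check. The following Python is an added example, not code from the original page; the notice wording, the covered-entity domain list, the approved-recipient list and the patient consent list are hypothetical values chosen for illustration.

```python
import smtplib
import ssl
from email.message import EmailMessage
from email.utils import getaddresses

# Hypothetical policy data (assumptions, not from the original page).
PHI_NOTICE = "NOTICE: This email contains Protected Health Information (PHI)."
COVERED_DOMAINS = {"clinic.example", "lab.example"}   # covered entities
APPROVED_RECIPIENTS = {"billing@partner.example"}     # purposefully added IDs
PATIENT_CONSENT = {"pat.doe@mail.example"}            # informed consent on file


def phi_violations(msg: EmailMessage) -> list[str]:
    """Return the reasons a PHI email must not be sent (empty list = OK)."""
    problems = []
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part else ""
    if PHI_NOTICE not in text:
        problems.append("missing PHI notice")
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    for _, addr in getaddresses(fields):
        addr = addr.lower()
        if addr in PATIENT_CONSENT or addr in APPROVED_RECIPIENTS:
            continue  # consenting patient or explicitly approved recipient
        if addr.rpartition("@")[2] not in COVERED_DOMAINS:
            problems.append(f"recipient not permitted: {addr}")
    return problems


def send_phi(msg: EmailMessage, host: str, port: int = 587) -> None:
    """Send only if the checks pass and the session is upgraded to TLS."""
    problems = phi_violations(msg)
    if problems:
        raise ValueError("; ".join(problems))
    ctx = ssl.create_default_context()   # verifies certificate and hostname
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.starttls(context=ctx)       # raises if STARTTLS is not offered
        smtp.send_message(msg)


def build(to: str, body: str) -> EmailMessage:
    """Build a constructed sample message for trying out the checks."""
    msg = EmailMessage()
    msg["From"] = "dr.smith@clinic.example"
    msg["To"] = to
    msg["Subject"] = "Lab results"
    msg.set_content(body)
    return msg
```

STARTTLS protects only the hop to the first mail server; the recipient checks are what keep the message from being addressed to an unintended party.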
HIPAA-compliant Email Communication Systems
Covered entities should search for a cost-effective email system that can deliver such solutions along with ensuring:
• Stringently restricted access to PHI
• Compatibility with HIPAA rules/regulations
• No restriction on the volume of information communicated through email
• HIPAA readiness in view of expected new recommendations as part of Security Rule updates