Google Workspace is one of the world’s most popular email platforms. Although it is more than adequate for basic email correspondence, Gmail does not come configured to meet HIPAA email security requirements. To use Google Workspace in a HIPAA-compliant manner, you need to use a third-party connector to secure your communications.
Read the rest of this post »
Sending HIPAA-compliant secure emails is easy- LuxSci’s services allow you to send secure emails to anyone with an active email address. One common question is whether the replies back to these messages will also be HIPAA compliant. This is especially a concern when customers choose to use TLS only a a secure means of email delivery.
In this article we will break down the various ways that messages are sent securely from LuxSci to recipients across the Internet, and how replies behave — and whether they are secure and compliant. At the end, we provide some recommendations for best practices for maximizing data security.
Read the rest of this post »
If you are having problems with message delivery, one of the first troubleshooting steps is to view headers in email. You can do this by viewing the message source. We’ll explain the basics, then teach you how to view headers in email for the most popular clients. These include Gmail, Apple Mail, Yahoo! Mail, Thunderbird and Outlook.
Read the rest of this post »
There has been a lot of hype about Google offering a Business Associate Agreement to paid Google Apps customers who must abide by HIPAA regulations. Those who are familiar with Google may be under the incorrect assumption that simply signing up for Google Apps will solve all their HIPAA compliance challenges. This seems to be increasingly less likely as of October, 2014.
Myths and hidden costs pervade this equation. If a HIPAA-aspiring entity isn’t fully educated about the finer details of the compliance process, they could end up paying very large amounts of money for Google services and still be non-compliant. Here we discuss some misconceptions about Google services as they apply to HIPAA to help you avoid the pitfalls of non-compliance.
Read the rest of this post »
Twice in the past few weeks I have received appointment reminders or scheduling information from doctors via email — via insecure, non-HIPAA-compliant email.
An email message contains identifying information: my email address and my name. The appointment email messages also contain information about “the past, present, or future provisioning of health care to an individual” … me! Taken together, this means that these email messages are ePHI (more details – what is ePHI?) and needed to be secured in a HIPAA compliant manner.
That they were not compliant was obvious to me:
Read the rest of this post »
