hipaa bulk email Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘hipaa bulk email’

Is SendGrid HIPAA-Compliant?

Wednesday, October 30th, 2019

If your health organization has been investigating its options for promotional email services, you may be wondering, “Is SendGrid HIPAA compliant?” The popular service is used to send 50 billion emails each month, with major clients including Uber, Spotify and Yelp.

SendGrid offers convenient marketing campaign tools alongside its own email API, and its solutions help to both save time and offer scalability. But is SendGrid an appropriate tool for those that need to send HIPAA-compliant bulk email?

Is SendGrid HIPAA-Compliant?

“No, we are not.”

SendGrid makes this extremely clear on its “Is SendGrid HIPAA-compliant?” page. The company should be commended for being so upfront about this. Some of its rivals take a bit of poking around to figure out whether their services can be used to protect ePHI within the confines of HIPAA regulations.

The company does not provide HIPAA-compliant marketing email software with appropriate safeguards for sensitive patient data. SendGrid goes on to say that, “We do not offer any encryption or security measures…beyond those included in the SMTP RFC, which was not designed with HIPAA compliance in mind.”

If that wasn’t enough to convince you, SendGrid’s Terms of Service certainly should:

If You are (or become) a Covered Entity or Business Associate (as defined in HIPAA) or a Financial Institution (as defined in GLBA), you agree not to use the Service for any purpose or in any manner involving Protected Health Information (as defined in HIPAA) or Nonpublic Personal Information (as defined in GLBA).

If you got lost in the legalese and you’re still wondering “Is SendGrid HIPAA compliant?” the paragraph is essentially just a fancy reiteration of the company’s earlier response of, “No, we are not.”

As one final nail in the coffin, SendGrid’s website has no current mentions of its willingness to sign a business associate agreement (BAA). BAAs are essential for HIPAA compliance whenever one company uses the service of another to transmit, store or process their ePHI in any way.

These agreements lay down the ground rules for how data will be shared, the protection measures that will be put in place, and which party is legally responsible in different circumstances. If a company is unwilling to sign one of these agreements, then it’s impossible to use its service to process ePHI and still remain HIPAA-compliant.

SendGrid HIPAA-Compliant Alternatives

Because SendGrid is not a HIPAA-compliant marketing email service, your organization will need to look for other options that provide secure bulk email solutions. At LuxSci, we specialize in HIPAA-compliant technologies that protect data and can meet the stringent regulatory requirements.

From our High Volume secure email sending service to our HIPAA-compliant web hosting, we design all of our offerings to make it as easy as possible for our clients to comply with the laws, without compromising on usability or effectiveness.

How to Pick the Right Platform for High Volume Transactional Emails

Tuesday, June 12th, 2018

Many healthcare organizations prefer using email for business communication because it leaves a paper trail and can be a more secure solution than mobile messaging. When large volumes of transactional emails need to be sent every month, healthcare organizations face the challenge of ensuring that any financial and personally identifiable data sent by email is secured against misuse. The good news is that this email security challenge can be overcome by using a high-volume bulk email platform that safeguards the confidentiality of the information.


Here’s what you should look for when selecting an email platform for transmitting large volumes of transactional information regularly:


Transactional/Bulk email with ePHI in It? What to do about HIPAA

Thursday, August 29th, 2013

Case in point: a medical lab that needs or wants to send test results to patients via email. This is:

  • Bulk email … possibly 100s or 1000s of messages/day
  • Transactional … every message is important and unique.
  • ePHI … every message contains private health information governed by HIPAA

Customers that have approached us looking for solutions for scenarios like this and others (e.g. medical news, appointment updates and reminders, etc.) have had problems managing this kind of electronic messaging because:

  1. Their own ISPs put limits on the maximum number of messages they can send in a day
  2. Most email marketing and bulk mailing solutions have no HIPAA compliance component for bulk email and are therefore completely useless for sending ePHI of any kind.
  3. All messages must be encrypted in a HIPAA-compliant way, making in-house solutions difficult, especially when combined with #1.


HIPAA Compliant Email Marketing

Wednesday, June 12th, 2013

Customers are constantly referred to us with a specific requirement: The need to send newsletters, marketing materials, or semi-bulk email messages … but in a HIPAA compliant way.

Typically, it is not just HIPAA-compliant sending that they need (e.g. as provided by our Premium High Volume service); they also need a user interface for composing messages, sending them, tracking opens and clicks, and so on. It turns out that the vast majority of email marketing systems do not offer compliant sending, nor do they offer a compliant campaign management and tracking interface. This makes it very difficult for organizations in the health care sector, and all of their business associates, to use email marketing effectively when PHI may be involved.
