HIPAA email Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘HIPAA email’

Is SendGrid HIPAA-Compliant?

Wednesday, October 30th, 2019

If your health organization has been investigating its options for promotional email services, you may be wondering, “Is SendGrid HIPAA compliant?” The popular service is used to send 50 billion emails each month, with major clients including Uber, Spotify and Yelp.

SendGrid offers convenient marketing campaign tools alongside its own email API, and its solutions help to both save time and offer scalability. But is SendGrid an appropriate tool for those that need to send HIPAA-compliant bulk email?

Is SendGrid HIPAA-Compliant?

“No, we are not.”

SendGrid makes this extremely clear on its HIPAA-compliance page. The company should be commended for being so upfront about it. With some of its rivals it takes a bit of poking around to figure out whether their services can be used to protect ePHI within the confines of HIPAA regulations.

The company does not provide HIPAA-compliant marketing email software with appropriate safeguards for sensitive patient data. SendGrid goes on to say that, “We do not offer any encryption or security measures…beyond those included in the SMTP RFC, which was not designed with HIPAA compliance in mind.”

If that wasn’t enough to convince you, SendGrid’s Terms of Service certainly should:

If You are (or become) a Covered Entity or Business Associate (as defined in HIPAA) or a Financial Institution (as defined in GLBA), you agree not to use the Service for any purpose or in any manner involving Protected Health Information (as defined in HIPAA) or Nonpublic Personal Information (as defined in GLBA).

If you got lost in the legalese and you’re still wondering “Is SendGrid HIPAA compliant?” the paragraph is essentially just a fancy reiteration of the company’s earlier response of, “No, we are not.”

As one final nail in the coffin, SendGrid’s website currently makes no mention of any willingness to sign a business associate agreement (BAA). A BAA is required whenever one company uses the service of another to transmit, store or process its ePHI in any way.

These agreements lay down the ground rules for how data will be shared, the protection measures that will be put in place, and which party is legally responsible in different circumstances. If a vendor is unwilling to sign one, its service cannot be used to process ePHI while remaining HIPAA-compliant.

SendGrid HIPAA-Compliant Alternatives

Because SendGrid is not a HIPAA-compliant marketing email service, your organization will need to look for other options that provide secure bulk email solutions. At LuxSci, we specialize in HIPAA-compliant technologies that protect data and can meet the stringent regulatory requirements.

From our High Volume secure email sending service to our HIPAA-compliant web hosting, we design all of our offerings to make it as easy as possible for our clients to comply with the laws, without compromising on usability or effectiveness.

What is Willful Neglect Under HIPAA?

Thursday, March 7th, 2019

HIPAA, the Health Insurance Portability and Accountability Act of 1996, spells out rules and regulations for the privacy and protection of individually identifiable health information. The HIPAA Privacy Rule governs how protected health information (PHI) may be used and disclosed, and the HIPAA Security Rule requires administrative, physical, and technical safeguards so that electronic PHI is handled with the utmost confidentiality and integrity.

Failure to adhere to the regulations established under HIPAA can lead to civil and criminal penalties, which are tiered according to the level of culpability. These penalties apply to healthcare entities as well as to individuals.

The reckless or intentional failure to comply with the rules set out under HIPAA is what is referred to as “willful neglect.” Violations that result from willful neglect carry the most severe penalties, civil or criminal depending on the exact facts of the case.


Case in point

In early 2011, the HHS (the Department of Health and Human Services) levied a fine of $4.3 million on an entity named Cignet Health Center for willful neglect. What is unique about this case is that the entity was not fined for a breach of privacy.
