HIPAA Compliant Emails Sent From your Web Site: Best Practices
Tuesday, January 7th, 2014
You buy a HIPAA compliant web hosting infrastructure. You configure your web site to send out email messages in the simplest way, e.g. through PHP mail, or some other generic and standard mechanism. You think you are all set — but you are not.
HIPAA compliant web hosting services provide a server infrastructure that allows you to be compliant; however, they do not make you compliant. Your web designers must make choices and program your site so that it properly respects ePHI. If they do not do all the appropriate things, you will be out of compliance. E.g. see: 7 steps to make your web site HIPAA-secure.
In particular, email messages sent in the “normal way” from a web site will go out insecurely in a way that will violate the HIPAA Security Rule if they contain ePHI of any kind. E.g. they will not be encrypted and will not be archived.
Our sales staff have been asked this question countless times. It is a natural assumption that, because SSL and TLS encryption of email (and web sites) requires use of an “SSL certificate”, one must buy an SSL certificate in order to use such a service. Fortunately, the answer is always
As a healthcare provider, business owner, or educator, you need a way to communicate with clients, patients, customers, or colleagues who assume or require privacy and confidentiality of information. This may be a legal requirement for you as well. You need to be able to send and receive information securely, quickly, and easily.


