Mimecast: How to Ensure Work Email is HIPAA-Compliant

The Health Insurance Portability and Accountability Act (HIPAA) is a regulation that protects patients' privacy by requiring organizations to keep certain information confidential. To ensure all email correspondence is HIPAA-compliant, the organization must take the appropriate steps to secure protected health information (PHI) both in transit and at rest.

Get Patient Consent Before Communicating Via Email 

Although communicating via email is fast and convenient, it's crucial that an organization gets patient consent in writing before sending emails containing PHI, even if the encrypted email service provider is HIPAA-compliant.

Patients should also be notified of the potential confidentiality risks. Once they have accepted the risks, the encrypted emails can then be shared between the sender and recipient without infringing on HIPAA guidelines. 

Use End-to-End Encrypted Email Services 

Encrypted email services are a great way to protect the information from being intercepted or compromised by cyberattacks. However, some services that encrypt email communication in transit may not meet HIPAA standards.

An organization should ensure that its encrypted email services have end-to-end encryption, securing messages in transit and at rest so that only the recipient and sender can access the emails.

Ensure All Encrypted Emails are Retained and Archived Safely

Healthcare providers and other involved organizations should ensure that all emails regarding PHI and changes in privacy are retained for at least six years to adhere to HIPAA guidelines.

Storing six years' worth of emails and attachments can demand a significant amount of storage space, and cloud-based storage is one of the most convenient and practical ways to archive the data. Encrypted email services that offer cloud storage and archiving services can give an organization storage space that is convenient, secure, and easy to access.

Use a HIPAA-Compliant Email Solution 

It's important for an organization to choose the correct provider for email archiving and security, one that still offers simple systems that won't overwhelm IT teams. Good secure email services will make it easy for IT to navigate alerts and updates while remaining simple to use for the tech-unfriendly.

A secure email service can integrate defense tactics against other threats as well, such as ransomware, phishing emails, and impersonation fraud, offering an all-in-one solution for email protection. Look for an email service that's passed the HIPAA Security Compliance Assessment to ensure that the provider is familiar with the unique demands of HIPAA compliance. 

***

Contact: carolina.darbellesv@iquanti.com

Source: Mimecast

About Mimecast

Mimecast is the company solving the top cyberattack vector - email. We deliver relentless protection for tens of thousands of customers around the globe; always putting them first, and never giving up on tackling their biggest security challenges.

