Does Outlook with Office365 Comply with HIPAA Regulations?

The minimum fine for deliberate violations of HIPAA laws will result in a $50,000 fine, and the maximum by an individual could be upwards of $200,000. So, the big question here is… does Outlook with 365 conform to the laws of HIPAA? Not exactly, but it can be! Following a basic purchase of the platform and even with a signed BAA could leave you sending emails that are NOT compliant with HIPAA regulations.

First, you’ll want to purchase the “Office Message Encryption” add-on from Microsoft. This is an additional service you can add to your Outlook email account that’s built on Microsoft Azure Rights Management (Azure RMS). It is part of Azure Information Protection. This includes encryption, identity, and authorization policies to help secure your email.
Second, you’ll want to find a third-party that offers HIPAA compliant email encryption, such as NeoCertified. NeoCertified is an email encryption platform, offering an Outlook plug-in you can use to send data-sensitive emails through Outlook. You can purchase your secure email account at neocertified.com, once purchased go to med1.neocertifiedmail.com to access your secure portal. You can then download our Outlook plug-in to start sending secure emails through your Office365 email account.

Taking the necessary measures to comply with the regulations of HIPAA is very important to avoid fines and other lawful actions from the Department of Health and Human Services‘ Office for Civil Rights (OCR). Since introducing the HIPAA Enforcement Rule in March of 2006, the OCR has the right to investigate any associated entity that deals with sending and receiving ePHI. Complying with the laws of HIPAA can definitely be a tricky matter so it’s important to do your research before you start sending and receiving unencrypted emails that contain ePHI. The most important factors of complying with the regulations of HIPAA and email is to protect your clients’ information and implement the correct security measures in making sure a person is whom they say they are. Using two-factor authentication is a great way to protect the security of an individual’s information and urging them to regularly update their login password is crucial to avoid data breaches.