Most small to medium-sized businesses won’t bat an eye at the next nationwide data breach or the next multi-million dollar Health & Human Services fine that makes the front page of the newspaper, because this could “never happen to them”. The thought process is really quite simple. The large corporations are the sitting ducks: easy targets for hackers to constantly besiege with viruses, malware, and DDoS attacks, and easy targets for federal regulators to single out for an annual HIPAA audit.

These large corporations keep taking the brunt of the malicious attacks and severe federal penalties, while the small dental office or local physician’s practice sits among hundreds of other locally owned and operated small healthcare businesses, tucked safely away from the spotlight and the newspaper headlines. The risks simply aren’t there for these businesses. And that is before even mentioning the cost of securing data: a measure like email encryption is far too expensive for a business of at most 20 people.

This is often the stance small businesses take regarding digital security precautions and data loss prevention.

This type of thinking is absolutely FLAWED. It can harm your existing client base and your reputation in the local community, and it could potentially sink your entire business.

Here’s why…


As much as small business owners would like to believe that their Gmail account is secure, the truth is that it isn’t secure enough for patient data. Gmail, AOL, MSN, Yahoo! and any other standard consumer email account protect a message only between you and the provider at best; they give you no end-to-end protection of your documents, messages, and attachments, no control over how the message is handled once it leaves the provider, and no HIPAA business associate agreement, so they do not meet HIPAA regulations and policies for sending protected health information.

These types of accounts are also attractive targets for third-party hackers and cyber-thieves, and the message itself is exposed along the way. Once a standard email message leaves your account, it is relayed through several mail servers before it arrives in the recipient’s inbox. Encryption on each hop is optional (opportunistic STARTTLS that either side can skip or downgrade), and even on a TLS-protected hop the message sits in readable form on every server that handles it. It’s at these points that cyber-thieves can compromise any information you may have sent.
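One practical way to see this for yourself is to read the Received: headers that each mail server stamps onto a message as it passes through. The protocol keyword on each hop (ESMTP versus ESMTPS or ESMTPSA) and any “version=TLS…” note tell you whether that server-to-server session ran under TLS. The script below is an added illustration, not code from NeoCertified or from the original article; the message headers it parses are constructed for the example, and every .test hostname and IP address in it is made up.

```python
"""Walk the Received: trail of an email and flag the hops that were not
TLS-protected.  Added example; the headers below are constructed, not a real
capture, and every hostname is a made-up .test name."""
from __future__ import annotations

import re
from email import message_from_string

# Constructed sample: sender's laptop -> ISP relay (TLS + auth) -> clinic MX
# (plain ESMTP, no TLS) -> clinic inbox server (TLS 1.3).
SAMPLE_MESSAGE = """\
Received: from mx3.example-clinic.test (mx3.example-clinic.test [192.0.2.30])
\tby inbox.example-clinic.test with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 1 Jan 2024 10:00:03 +0000
Received: from relay.example-isp.test (relay.example-isp.test [198.51.100.20])
\tby mx3.example-clinic.test with ESMTP id def456;
\tMon, 1 Jan 2024 10:00:02 +0000
Received: from [203.0.113.5] (helo=laptop)
\tby relay.example-isp.test with ESMTPSA id ghi789
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
\tMon, 1 Jan 2024 10:00:01 +0000
From: sender@example-isp.test
To: frontdesk@example-clinic.test
Subject: Patient referral

Please see the attached referral.
"""

# "from <host> ... by <host> ... with <protocol>" as laid out in RFC 5321,
# with the protocol keywords registered by RFC 3848.
HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Z0-9]+)",
    re.IGNORECASE,
)


def parse_hops(raw_message: str) -> list[dict]:
    """Return the hops in sending order (oldest first), each with a 'tls' verdict.

    RFC 3848 keywords: ESMTPS / ESMTPSA mean the session ran under STARTTLS;
    ESMTP / ESMTPA mean it did not.  Some servers also append a
    '(version=TLS1_x ...)' clause, which is accepted as a second signal.
    """
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received: header, so the list is newest first.
    for header in reversed(msg.get_all("Received", [])):
        flat = " ".join(header.split())  # unfold the multi-line header
        match = HOP_RE.search(flat)
        if match is None:
            hops.append({"raw": flat, "tls": None})  # unparsable: do not guess
            continue
        proto = match.group("proto").upper()
        hops.append(
            {
                "src": match.group("src"),
                "dst": match.group("dst"),
                "proto": proto,
                "tls": "SMTPS" in proto or "version=TLS" in flat,
            }
        )
    return hops


def cleartext_hops(raw_message: str) -> list[dict]:
    """Hops whose SMTP session was not protected by TLS at all."""
    return [hop for hop in parse_hops(raw_message) if hop["tls"] is False]


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE_MESSAGE):
        if hop["tls"] is None:
            print(f"?       could not parse: {hop['raw']}")
        else:
            flag = "ok    " if hop["tls"] else "NO TLS"
            print(f"{flag}  {hop['src']} -> {hop['dst']}  ({hop['proto']})")
```

Two caveats when you run this against a real message. Received: headers are written by the receiving server and can be forged by any earlier hop, so only the header your own server added is fully trustworthy. And a hop that passes the TLS check is still readable on the server at each end of it, which is exactly why the content itself has to be encrypted rather than just the connection.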

These standard email accounts also do not meet HIPAA policies, which require that all electronic protected health information (ePHI), such as names, addresses, credit card and Social Security numbers, and health records and medical record numbers, be protected both in transit and at rest.

Only a secure email account that encrypts the message content itself, not just the connection, can protect your data both in transit and at rest. HIPAA also requires you to have password management procedures for creating, changing, and safeguarding the passwords on these accounts. It does not prescribe a specific rotation interval; the 90-day forced change that is often cited is a common policy choice, not a HIPAA requirement.


Since email has become one of the quickest and most efficient forms of communication (especially in the healthcare industry), protecting the data being sent has become paramount. Nothing is more important than ensuring that the clients of your healthcare clinic or agency are protected.

The threats are real. The number of data breaches and cases of identity theft continues to climb, in large part because the agencies, companies, and businesses sending the information haven’t taken the necessary precautions to protect it. It’s not rocket science and it’s not a difficult process to integrate into your daily routines. Most email encryption solutions offer integrations into the email systems a business already uses, which leaves the business with no excuse not to encrypt its email messages.

But what about the price of email encryption…

• FIRST: there should be no cost too high when it comes to protecting a customer’s private information. The penalties and fines that HHS levies against companies that fail to protect private information range from tens of thousands to millions of dollars, depending on the severity of the breach. That scale shows how highly HHS values patient information and privacy. You should too.

• SECOND: most secure email solutions have affordable, cost-effective options and bundles that won’t run you more than a couple hundred dollars a year. So, in the end, it comes down to what you think your clients’ data is worth, and whether gambling your entire business’ financial solvency to avoid using a secure email solution is really worth the risk.

• THIRD: you don’t need to go looking for the secure email solution with all the bells and whistles, the most storage space, or the highest price. Find a solution that properly protects your information, is easy to use for your staff and for the recipients, is cost-effective, provides a HIPAA Business Associate Agreement (BAA; this is extremely important!), and offers 24/7 customer support.



If you’ve found a secure email solution that is HIPAA compliant, offers a HIPAA BAA at no extra charge, provides 24/7 customer support, and is easy to use, then you’re on the right path. This is a great start to ensuring that your clients’ data is always protected across email.

If Health & Human Services were ever to audit your business, the signed BAA documents that your secure email provider is contractually obligated to safeguard the ePHI it handles for you, and your use of the service shows that you are meeting the HHS-enforced HIPAA requirements for email. Keep in mind that a BAA shares responsibility rather than transferring it: you still need your own risk analysis, written policies, and staff training for everything else you do with ePHI.

If your business wants to protect information further, many companies offer full-disk and server encryption, often bundled with Data Loss Prevention (DLP) tools that detect and block sensitive data leaving your systems. This is a more costly step to take, but definitely one that shouldn’t be overlooked.

If you have any other secure email questions moving forward, feel free to contact NeoCertified at (877) 613-5036 or at Info@NeoCertified.com.

Written by Peter J. Schaub
President & CEO, NeoCertified