Solo practitioners and private-practice therapists whose services access, store, or transmit protected health information must be HIPAA compliant. In short, any business or organization that electronically handles health information and healthcare transactions is considered a covered entity. Health care clearinghouses, healthcare providers, and organizations that administer health plans are all covered entities under the Health Insurance Portability and Accountability Act (HIPAA). Other professional practices, such as psychologists and therapists (behavioral, physical, and occupational), are also categorized as covered entities, but only if they electronically handle patient-related healthcare data.

HIPAA compliance is not as cut and dried as people may think. Knowing whether you need to be HIPAA compliant, and how to get there, can be a confusing and overwhelming process. Unfortunately, it is not as easy as adding a HIPAA disclaimer at the end of an email or document. Every practice is different, and you will need to develop a strategy that is appropriate for yours.

When Should You Use Secure Email?

Any time you send or receive sensitive patient-related data, you will want to integrate a HIPAA-compliant email service with your standard email application. Using standard email to send any type of personally identifiable information (PII) is a breach of HIPAA, and even a first offense may be enough to get your practice shut down. Examples of highly sensitive patient information are:

  • Patient records
  • Any document containing a social security number
  • Insurance information
  • CPT codes
  • Analysis data
  • Test results

If these items need to be sent or received over email, then you are going to need an encrypted email service. As an email service provider, NeoCertified offers secure communications for businesses of all sizes at affordable rates.

What is a BAA and When Do You Need One?

A Business Associate Agreement, or BAA, is a written contract between two parties that establishes their liability and is typically required for HIPAA compliance purposes. For HIPAA-covered entities or business associates dealing with ePHI, PHI, PII, or any other personally identifiable information, a signed BAA is required by law. NeoCertified offers free BAAs with all of our secure email plans!

Is Microsoft Outlook or Gmail HIPAA Compliant?

Most free email applications do not come equipped with security measures that protect sensitive information. Whether you are using Gmail, G Suite, or Microsoft email, chances are you are sending messages across an unsecured network that could easily be breached. There are ways to make your standard email application HIPAA compliant with a few extra steps. One option is to purchase an Add-In or Extension for the application so that you are able to send encrypted emails.

What Other Options Are There Besides Secure Email?

If you are struggling to find a secure email provider that fits your security needs, you can always use an electronic health record (EHR) patient portal, if one is available to you. EHR patient portals can be an effective way for therapy providers and clients to communicate securely. EHR portals archive patient data with end-to-end encryption; the data can be accessed with e-signatures and shared across settings that require specific information safeguards such as HIPAA. Another option to consider instead of secure email, if available, is an encrypted web form. Encrypted web forms, or secure forms, are online HTML forms that use encryption to send and receive secure messages and attachments. They can even be placed directly on your website so that you and your clients have a secured channel of communication.

Get Consent Before Using Email as a Way of Communicating.

While it may be convenient to communicate with your patients through email, written client consent to use email as a communication method must be obtained from the patient before email can be used as the primary form of communication, even if a HIPAA-compliant email provider is used. Clients must be advised that there are risks to the confidentiality of information sent via email. If they are prepared to accept those risks, emails containing sensitive data can be sent without violating HIPAA Rules.

Use A Reliable Email Encryption Service.

When choosing a secure email provider, it is important to make sure the solutions they offer will meet your specific needs. A few things to look for, or ask about, when searching for the right secure email provider are:

  1. Do they offer BAAs? If so, is there a cost or is it free when you purchase an account?
  2. Do they offer encryption Add-Ins or Extensions for the email application you are currently using?
  3. Is the service easy to use?
  4. Do they offer technical support?
  5. What type of HIPAA-compliant email solutions do they offer?

Asking the right questions is vital to achieving HIPAA compliance for your practice. As they say, “prepare and prevent, don’t repair and repent”. If you have specific questions or concerns relating to HIPAA-compliant email, you can also consult an attorney, who can offer professional legal advice on the steps necessary to become HIPAA compliant.

Protect your clients, put your practice in a better position to safeguard patient data, and stay compliant with HIPAA regulations. Learn more about the best HIPAA-compliant email solutions with NeoCertified – contact us today!

**Disclaimer** The content displayed in this article is for educational purposes only. It is not intended or claimed to be a substitute for legal or professional advice. Should you decide to act upon any information listed above, you do so at your own risk!

While the information in this article has been written and researched to the best of our abilities, we cannot guarantee that it is free of mistakes or errors.

We also reserve the right to edit or change this policy at any time; an update notice will be listed at the top of the article on the date of the change. If you want to stay up to date with the latest changes in HIPAA compliance or HIPAA email policies, we encourage you to visit this page frequently – thank you.