HIPAA Compliant Email, HIPAA Email Rules and Regulations


Summary of HIPAA email compliance


Secure Medical offers secure, premium email services including extensive security features, spam and virus filtering, robustness, and superior customer service. Secure Medical's offerings are scalable to any size healthcare organization. With consistent management on Secure Medical's part, your small practice or large organization will experience true security.

In addition to Secure Medical itself protecting your ePHI by following the HIPAA Security and Privacy Rules as required, Secure Medical also provides a clean set of guidelines for using its services that enable your ePHI to be safeguarded. If you follow these guidelines and sign Business Associate Agreements, Secure Medical will certify your account as HIPAA compliant.

Take a look at the table below to see examples of how Secure Medical is able to help you meet HIPAA’s requirements for protecting electronic communications in your organization.

  

TECHNICAL SAFEGUARDS
Standard: Access Control
Section: 164.312(a)(1)
Implementation Specification: Unique User Identification
R/A: R
HIPAA COMPLIANT SOLUTION
The Rule States: “Assign a unique name and/or number for identifying and tracking user identity.”
Solution: Use of unique usernames and passwords for all distinct user accounts.

 

TECHNICAL SAFEGUARDS
Standard: Access Control (continued)
Section: 164.312(a)(1)
Implementation Specification: Emergency Access Procedure
R/A: R
HIPAA COMPLIANT SOLUTION
The Rule States: “Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency”
Solution: PHI in email communications can be accessed from any location via the Internet. There are also mechanisms for authorized administrative access to account data.

 

TECHNICAL SAFEGUARDS
Standard: Access Control (continued)
Section: 164.312(a)(1)
Implementation Specification: Automatic Logoff
R/A: A
HIPAA COMPLIANT SOLUTION
The Rule States: “Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.”
Solution: An organization can set screen savers on their desktops to log users out. Additionally, software automatically logs off all users after a predetermined amount of time; this session time is user- and account-configurable.

 

TECHNICAL SAFEGUARDS
Standard: Access Control (continued)
Section: 164.312(a)(1)
Implementation Specification: Encryption and Decryption
R/A: A
HIPAA COMPLIANT SOLUTION
The Rule States: “Implement a mechanism to encrypt and decrypt electronic protected health information.”
Solution: All usernames, passwords, and all other authentication data can be encrypted during transmission to and from Secure Medical servers and our clients. Additionally, the solution permits end-to-end encrypted email communications with anyone on the Internet, Secure Web Forms enables end-to-end encryption of submitted web site form data, and encryption is used for storage and transmission of sensitive documents, password databases, and internal blogs.

 

TECHNICAL SAFEGUARDS
Standard: Audit Controls
Section: 164.312(b)
R/A: R
HIPAA COMPLIANT SOLUTION
The Rule States: “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.”
Solution: Audit trails of logins are available to users and administrators. These include the dates, times, and the IP addresses from which the logins were made. Auditing of all sent and received email messages is also available. The solution also permits auditing of when messages have been read and documents retrieved.

 

TECHNICAL SAFEGUARDS
Standard: Integrity
Section: 164.312(c)(1)
Implementation Specification: Mechanism to Authenticate ePHI
R/A: A
HIPAA COMPLIANT SOLUTION
The Rule States: “Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.”
“Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.”
Solution: To prevent unauthorized alteration or destruction of PHI, encryption technologies such as SSL, TLS, PGP, RSA, and AES are used to ensure and verify message and data integrity.

 

TECHNICAL SAFEGUARDS
Standard: Person or Entity Authentication
Section: 164.312(d)
R/A: R
HIPAA COMPLIANT SOLUTION 
The Rule States: “Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.”
Solution: Usernames and passwords are used for access control; strict control is given over who can access users’ accounts. Also, use of end-to-end encryption in email and document storage ensures that only the intended recipient(s) of messages or stored documents can ever access them.

 

TECHNICAL SAFEGUARDS
Standard: Transmission Security
Section: 164.312(e)(1)
Implementation Specification: Integrity Controls
R/A: A
HIPAA COMPLIANT SOLUTION
The Rule States: “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”
“Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of”
Solution: SSL-based encryption during the transmission of encrypted data to/from our clients and document storage services is provided. TLS-based encryption of inbound email ensures that all email sent internally meets “Transmission Security” guidelines and allows you to securely receive email from other companies whose servers also support TLS. Secure Medical also provides true end-to-end encryption of messages to/from non-clients.

 

TECHNICAL SAFEGUARDS
Standard: Transmission Security (continued)
Section: 164.312(e)(1)
Implementation Specification: Encryption
R/A: A
HIPAA COMPLIANT SOLUTION
The Rule States: “Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.”
Solution: SSL encryption for all transmissions of encrypted email and documents is provided. Additionally, all email and documents are stored encrypted with RSA/AES encryption for complete end-to-end security.

 

TECHNICAL SAFEGUARDS
Standard: Device and Media Controls
Section: 164.310(d)
Implementation Specification: Data Backup and Storage
R/A: R
HIPAA COMPLIANT SOLUTION
The Rule States: “Create a retrievable, exact copy of electronic protected health information, when needed, before movement of equipment.”

 

Solution: Daily on-site and weekly off-site backups ensure exact copies of all ePHI are included. Live data is stored on redundant RAID-5 disk arrays for added protection. Furthermore, backups are stored in two geographic locations, with weekly backups to optical media stored in vaults.

 

TECHNICAL SAFEGUARDS
Standard: Device and Media Controls (continued)
Section: 164.310(d)
Implementation Specification: Data Disposal
R/A: R
HIPAA COMPLIANT SOLUTION
The Rule States: “Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored.”

 

Solution: Clients can delete their data whenever desired. Additional security comes from automatic expiration of data backups (backups cease to exist after 1 month). Alternate expiration plans are available for large clients.

  

Healthcare staff using Secure Medical can send and receive email from anywhere in the world using existing or new email clients or web browsers. It is a comprehensive solution for a complex law, managed by your account administrators in-house or remotely by our company. Risk assessments for potential HIPAA violations can be performed by administrators through the use of audit trails. Reliable and cost-effective solutions are the backbone of Secure Medical, even for extremely large client organizations. And you can count on the physical security of our servers, located in a state-of-the-art dedicated hosting facility.

 

 