Before you can determine if your emails are following HIPAA compliance rules, the first question is, what makes an email HIPAA compliant? The exact specifications have been subject to debate based on changes made to the Health Insurance Portability and Accountability Act (HIPAA) in 2013. However, the general consensus is that encryption alone is not enough.
As discussed in HIPAA Journal, HIPAA email rules now require covered entities to implement access controls, audit controls, integrity controls, ID authentication, and transmission security. These controls should be in place in order to restrict access to patient health information (PHI), monitor how PHI is communicated, ensure the integrity of PHI at rest, ensure 100% message accountability, and protect PHI from unauthorized access during transit.
The article states, "So, although emails can be HIPAA compliant, it requires significant IT resources and a continuing monitoring process to ensure that authorized users are communicating PHI in adherence with policies for HIPAA compliance for email."
It’s difficult for a dental practice, which does not specialize in IT, to ensure that it has these resources and processes in place. That's why using a secure, third-party service is both practical and important.
You may be thinking, “My practice is small and flies under the radar of cyberattacks. Do I really need a security system for my email?” The answer is “yes” because the threat to any practice is real. According to research by McAfee Labs, 26% of all observed cyber threats in the second quarter of 2017 were directed at the healthcare industry, making it the industry with the single highest volume of threats. You wouldn’t leave unattended packages on your front step in a high-crime neighborhood. Similarly, you would want to make sure your outbound mail was delivered securely in such an environment.
In an article for Health IT Outcomes, cybersecurity expert David Wagner advises the healthcare industry to focus on its weakest points, particularly email inboxes that are full of valuable and vulnerable data.
"Organizations need to ensure that messages are scanned to detect and defend against inbound threats and automatic encryption is used to protect outbound communication," Wagner writes. "Consider hosted solutions that are both updated to protect against the latest threats and easy to use so that communication doesn’t become a barrier between providers and staff, business associates, and, most importantly, patients."
SecureMail from XLDent is one such hosted solution that’s both HIPAA-compliant and easy to use. With one-click functionality, SecureMail secures sensitive patient email and file attachments from accidental exposure and data theft. It then provides a chain of accountability that tracks and confirms that mail has been sent, received, and opened. The cost-effective, cloud-based subscription service is available to any practice, regardless of dental practice management system, and is easy to install, use and maintain, with Microsoft Outlook compatibility. Users can log in and send larger files and images directly from the web portal, bypassing email system file size limitations. The cloud offers up to 100 MB standard, and up to 2 GB optional.
Guard your practice's reputation by protecting your inbound and outbound communications. Learn more about SecureMail and XLDent's other secure eServices at www.xldent.com.