HIPAA Compliant Email Provider Checklist

So, your company is looking for a secure email provider, but remaining HIPAA compliant is the main priority … What do you need to do?

How To Choose A HIPAA Compliant Email Provider

Be sure of the following:

1. The secure email provider’s secure email solution meets all of the HIPAA requirements specified in their listed security rule (section 164.312.(a-e). This is, objectively, the most important step in the process, seeing as if the products fail to meet the HIPAA requirements, you’ll be violating HIPAA compliance policies and requirements. Violations can lead to harsh penalties and fines.

2. All of the secure email solutions are hosted in an SSAE 16 Type II Certified Datacenter. This will help ensure the protection of your information.

Remaining HIPAA Compliant is only a piece of the puzzle; the other piece involves your company guaranteeing the safety of client and employee documents and information.

3. The provider has 24/7 online and phone support services. This is important for your company.

Do you really want to jeopardize sensitive information included in your messages simply because you couldn’t get a support member on the phone? Or because their support’s response was received days after your initial query was sent?

Also, find out where the secure email provider’s support team is based. A non-outsourced support team will make communicating back and forth a much simpler, less time-consuming process.

4. Along with having access to 24/7 customer support, you’ll want to find out if the secure email provider supports both the registered users, as well as their individual recipients.

Your company’s support staff shouldn’t be burdened by any issues that your recipients may be having when opening or receiving your secure messages. Make sure that’s the responsibility of the secure email provider’s customer support team.

5. Make sure that the secure email solution you choose is compatible with all devices, both desktop and mobile.

Being able to send secure messages from anywhere in the world on any mobile device is patently a much more advantageous solution for both your company and its employees.

It’s also worth noting that if the secure email solution is compatible with other email applications, such as Microsoft Outlook, it’ll make the process of sending and receiving secure messages that much simpler.

6. The secure email solution you choose should be supported by all web-browsers. Why purchase a product that’s incompatible with Google Chrome, Internet Explorer, Safari, or Firefox? A solution hindered by any of those web browsers would hardly make for a conducive component in your ideal work space.

7. The provider that you choose should always sign a BAA (Business Associate Agreement). This will define what your business and the provider are responsible for and who is liable if a breach of data was ever to compromise emails sent by your employees, clients, or their recipients. You can learn more about how a BAA works right here.

Originally published July 24th, 2015.