The key concern with HIPAA regulations is Protected Health Information (PHI).  Any medical supply company, insurance agency, or doctor's office must follow compliance guidelines to protect patient privacy. 

Email is one of the main forms of communication utilized by businesses today.  But, the healthcare industry must take extra precautions when using email. The protection of emails containing PHI from hackers or cyber criminals should be taken seriously.  The free email "consumer-grade" systems are not designed or intended for secure transmission.  In addition, the audit, tracking, and access logs of consumer-grade email systems are generally inaccessible. Therefore, you should never send any PHI utilizing those free consumer-grade systems.  I would add, any business information crossing into those consumer systems are at higher risk of exposure.

Microsoft Office 365 is a cloud-based HIPAA compliant email system that provides all the consumer-grade ease-of-use options and more.  It allows IT administrators access to the logs, tracking, and audit trails that enable compliance.  It can also be extended to encrypt data and protect against unintended PHI compromise or submissions.  In addition, as doctors move to mobile devices to run EHR systems,  Office 365 has a remote wipe option that allows emails to be deleted from stolen devices further protecting data.  In conclusion, we recommend steering away from those consumer-grade email systems use when sending business correspondence and/or for maintaining regulatory compliance.


Cloud Email migration is easy when you leave it to the experts.

Join us and make your practice a more secure place.