HIPAA-Compliant Email

Last Updated: September 30, 2014

Definition - What does HIPAA-Compliant Email mean?

A HIPAA-compliant email is an email service that provides sufficient security processes for HIPAA compliance. Medical businesses and other kinds of third-party businesses must comply with the standards of the Health Insurance Portability and Accountability Act, or HIPAA, a set of laws enacted in 1996 that regulate the use of sensitive patient health data.

Free White Paper: "AI in the Insurance Industry: 26 Real-World Use Cases" | Discover what the future of insurance holds and how AI innovation can be used to hit the mark even more precisely.

Techopedia explains HIPAA-Compliant Email

Responsible businesses ensure HIPAA compliance in many different ways. First, the HIPAA omnibus final rule allows for email communications if a client signs a particular kind of waiver. HIPAA also requires certain security protocols for email communications. Providers and others can meet this, for example, by creating a system where sensitive data is only accessed through an inbound model (introduced by emails that are free of protected data) or by creating a secure email "tunnel" with encryption. Some of the long, legal-sounding signatures on outbound emails are also intended to promote HIPAA compliance.

HIPAA standards also extend to third-party businesses that are called "business associates." Some of these are technical service providers such as ISPs and email hosts. In response to the stringent standards of HIPAA, some providers are adding end-to-end email encryption to services in order to make sure that sensitive data is not intercepted by a third party during transit. HIPAA-compliant email is just one element of full HIPAA compliance for any businesses that deal with patient identifiers, information on individual personal health conditions, and other kinds of protected health information.