HIPAA-Compliant Email

Definition - What does HIPAA-Compliant Email mean?

A HIPAA-compliant email is an email service that provides sufficient security processes for HIPAA compliance. Medical businesses and other kinds of third-party businesses must comply with the standards of the Health Insurance Portability and Accountability Act, or HIPAA, a set of laws enacted in 1996 that regulate the use of sensitive patient health data.

[Techopedia Exclusive] increase DevOps team productivity and efficiency through advanced collaboration. Download this FREE guide today.

Techopedia explains HIPAA-Compliant Email

Responsible businesses ensure HIPAA compliance in many different ways. First, the HIPAA omnibus final rule allows for email communications if a client signs a particular kind of waiver. HIPAA also requires certain security protocols for email communications. Providers and others can meet this, for example, by creating a system where sensitive data is only accessed through an inbound model (introduced by emails that are free of protected data) or by creating a secure email "tunnel" with encryption. Some of the long, legal-sounding signatures on outbound emails are also intended to promote HIPAA compliance.

HIPAA standards also extend to third-party businesses that are called "business associates." Some of these are technical service providers such as ISPs and email hosts. In response to the stringent standards of HIPAA, some providers are adding end-to-end email encryption to services in order to make sure that sensitive data is not intercepted by a third party during transit. HIPAA-compliant email is just one element of full HIPAA compliance for any businesses that deal with patient identifiers, information on individual personal health conditions, and other kinds of protected health information.