November 12, 2015 Aspida Mail, HIPAA
Email has become an essential way for people to communicate. As technology has continued to progress, so too have the potential risks that can arise from sending and sharing information online.
Personal information and data are oftentimes targets of cyber-attacks and can put this information at risk. For everyday emails between friends the risk may not be too involved. However, for healthcare providers this is a very serious topic. HIPAA has stepped in and recommends that any sensitive ePHI be protected at all times.
There are a number of ways to encrypt your email, through the use of browser extensions/plugins, file transfer programs and encrypted email services. While some of these methods may suffice for everyday emailing, the standards for HIPAA require something more secure.
Going through the Google Chrome store you will notice a number options for an encrypted email extension. While these applications will help to encrypt the data, they have their short-comings, especially for healthcare providers.
One good thing is that most of these extensions actually do provide some added security by encrypting the email rather than displaying it in plain text. If you are a regular email user that is not sending and/or receiving ePHI, then this may be a reasonable solution for you.
The issue with these free extensions is that they do not provide the added security that some fully developed encrypted email services may include. If you are a healthcare provider and are sending patient files or x-rays, it is essential that these files remain secure at all times. Additionally, these browser extensions do not provide any audit trail, backup or storage of old emails.
File Transfer Programs
File transfer programs are especially useful for people that are sending a lot of large images through their email. Most of these systems do not use standard email infrastructure, therefore they can allow large files (>25MB) to be sent using their service.
The issue with these programs is that some of them require you to install software or an extension in order to utilize their functionality, in addition to management.
While a file transfer program is great for these large files, they can be time-consuming and cumbersome for practices that wish to use encrypted email alone. Offices find themselves using email to communicate with other practices, and these emails oftentimes include sensitive patient information. So while you need to completely protect the data, you do not want to jump through hoops to do so.
Encrypted Email Services
Encrypted email services can allow you to easily send, receive and store email securely. The complexity and security of the system varies from provider to provider.
A service provider, such as Aspida Mail, has built out a secure system that easily allows you to integrate their service into your email flow. With a quick change to your IMAP settings, you can be up and running and sending encrypted email within minutes.
While there are many different options when it comes to securing your email, you must consider what you are risking by not completely covering your healthcare practice. Be sure that you are staying compliant by providing a secure and safe way to transmit (and store!) ePHI through email.