Is Email HIPAA compliant?

Email is a method of exchanging messages and digital content such as documents, images, and links between individuals or groups. It is one of the most common forms of communication in both personal and professional settings, known for its convenience, speed, and versatility. Whether it's Gmail, Outlook, or any other service, email allows users to send and receive messages across devices and platforms, providing a high degree of accessibility.

Email in healthcare

In healthcare, email can serve multiple purposes. It can be a communication tool for scheduling appointments, sharing general health information, or communicating non-urgent matters. It can also facilitate internal communication within the healthcare team, including discussing patient care or sharing necessary documents. Email is also often used for communication with patients, including appointment reminders, billing, and general updates.

Email and HIPAA compliance

The HIPAA compliance of email services depends on the specific email platform being used. Key factors include whether the platform can secure PHI (Protected Health Information) via encryption, whether the service provider is willing to sign a Business Associate Agreement (BAA), and whether appropriate access controls can be implemented. It is important to note that while several email platforms like Gmail, Outlook (as part of Office 365), and ProtonMail can be configured to be HIPAA compliant, they are not inherently so, and the onus lies on the user to ensure that they adhere to the necessary configurations and usage guidelines to maintain HIPAA compliance.

Staying HIPAA Compliant

Take a look at our ultimate guide to HIPAA compliant software and services for help selecting compliant service providers. Careful vendor evaluation and selection, though, is only one piece of the puzzle for maintaining HIPAA compliance. At TeachMeHIPAA, we offer an affordable HIPAA training solution to ensure your staff are knowledgeable in how to comply, and to help you meet your legally mandated HIPAA training requirement with ease. Learn more about our tips and tricks for maintaining compliance with our HIPAA compliance blog.