Is Email HIPAA compliant?

In the context of healthcare, email can serve multiple purposes. Email could serve as a communication tool for scheduling appointments, sharing general health information, or communicating non-urgent matters. It can also facilitate internal communication within the healthcare team, including discussing patient care or sharing necessary documents. Additionally, email is also often used for communication with patients including appointment reminders, billing, and general updates.

The HIPAA compliance of email services depends on the specific email platform being used. Key factors include whether the platform can secure PHI (Protected Health Information) via encryption, whether the service provider is willing to sign a Business Associate Agreement (BAA), and whether appropriate access controls can be implemented. It is important to note that while several email platforms like Gmail, Outlook (as part of Office 365), and ProtonMail can be configured to be HIPAA compliant, they are not inherently so, and the onus lies on the user to ensure that they adhere to the necessary configurations and usage guidelines to maintain HIPAA compliance.

Take a look at our ultimate guide to HIPAA compliant software and services for help selecting compliant service providers. Though careful vendor evaluation and selection is only one piece of the puzzle for maintaining HIPAA compliance. At TeachMeHIPAA, we offer an affordable HIPAA training solution to ensure your staff are knowledgeable in how to comply, and to help you meet your legally mandated HIPAA training requirement with ease. Learn more about our tips and tricks for maintaining compliance with our HIPAA compliance blog.