Email encryption for HIPAA requirements

9 posts Page 1 of 1
by stevedmd » Wed Dec 06, 2023 4:02 pm
Hello,
I have been using Sonic for many years for my personal and business email server. Due to federal and state regulations I am now forced to send information from my business (Dentistry) that is sensitive to HIPAA regulations, i.e., dental bills which contain info about services performed, or transfers of records to both patients and other health care providers. Questions: Are you knowledgeable about HIPAA encryption requirements? How can this be accomplished through Sonic.net email?
by jerrielm » Tue Dec 12, 2023 1:48 pm
stevedmd wrote: Wed Dec 06, 2023 4:02 pm Hello,
I have been using Sonic for many years for my personal and business email server. Due to federal and state regulations I am now forced to send information from my business (Dentistry) that is sensitive to HIPAA regulations, i.e., dental bills which contain info about services performed, or transfers of records to both patients and other health care providers. Questions: Are you knowledgeable about HIPAA encryption requirements? How can this be accomplished through Sonic.net email?
Hello!

Sadly, Sonic does not have much HIPAA information regarding regulation. I was able to search for HIPAA resources via their website. This might help you understand what is needed. https://www.hhs.gov/hipaa/for-professio ... index.html

Best Wishes!
by stevedmd » Tue Dec 12, 2023 2:03 pm
Thanks!
by virtualmike » Tue Dec 12, 2023 3:00 pm
Are you a member of any professional organizations? Often, they will have resources to help with this sort of thing. It may require hiring a consultant or a service to set up or manage this for you.
by stevedmd » Wed Dec 13, 2023 9:06 am
Yes, I am pursuing other options, but I had hoped Sonic had something to offer. Oh well.
by kyle.depasquale » Wed Dec 13, 2023 9:19 am
stevedmd wrote: Wed Dec 13, 2023 9:06 am Yes, I am pursuing other options, but I had hoped Sonic had something to offer. Oh well.
I used to work for a health tech company, which was subject to HIPAA regulations. For what it's worth, there aren't any explicitly defined encryption requirements put forth by HIPAA. There is the HIPAA security rule, which requires electronic patient data to be protected, but the rule is extremely vague about how this must be done, and encryption or other technical safeguards are only one part of meeting HIPAA guidelines.

The AMA provides a good high-level overview of this, but essentially there's not a simple technical safeguard that Sonic or any other vendor could put in place that would make something HIPAA compliant. Meeting HIPAA requirements requires a number of safeguards working together.
by virtualmike » Wed Dec 13, 2023 11:15 am
If it helps to know, almost every health provider who communicates with me has its own secure mail system. When the various providers send me messages, I get emails in my regular box that simply tell me that I have new messages in one of the secure mailboxes.
by stevedmd » Wed Dec 13, 2023 11:17 am
Thanks!
by dancingsnails » Sun Mar 03, 2024 1:35 pm
When I worked in healthcare IT I was always careful about not putting PHI in email. If nothing else, it was clear that I wasn't given permission from the patient to do so, and even in our company email system there weren't the kind of audit trails and such that would make it copasetic. However, I think if a patient initiates an email conversation, or explicitly gives permission, you can be a fair bit more lax. Here's the HHS guidance on it (which is what really matters in terms of not getting yourself in trouble).
https://www.hhs.gov/hipaa/for-professio ... index.html