Encrypted Email: Why You Need It
If you are like most dental practices, you have gone through the steps to encrypt the data on your server. Your backups are encrypted, your shared folders are encrypted, and maybe even your PCs. But if you haven’t implemented encrypted email into your practice, then you have a big gaping hole in your overall security. It’s time to plug that hole, encrypt your email address, and gain HIPAA compliance by meeting the requirements for encryption.
HIPAA: Data in Motion Must be Encrypted
The specific requirement for data encryption in a HIPAA compliant practice, is that your data must be encrypted while it is in transit. There are 2 major areas to address for this requirement: your backups, and your emails.
Implementing HIPAA compliant email encryption doesn’t have to be a hassle for you, or for your recipients. Many companies, such as RPost, have tools that integrate seamlessly with Outlook or the web, and create a clear option for selecting whether or not an email is to be encrypted.
Make it Easy for your Recipients
The biggest factor keeping dental practices from implementing encrypted email is their concern over the complexity of opening the email on the receving end. However, it doesn’t have to be difficult for them. While some services demand that recipients make an account and remember yet another password, others allow you to encrypt your attachments and your email with just a couple of clicks. Stay away from services that require your recipients to create a password, and you’ll have happy specialists.
Aside from the compliance requirements, email encryption is extremely important in keeping your data secure. Some programs developed by nefarious individuals scour email servers for free-text, specifically looking for Names, Birthdates, SSNs, credit cards, and other easily searchable free-text data.
When you send an email, your message bounces through dozens of relay servers before reaching its destination. These relay servers can be anything from secure servers set up by internet service providers, to home or business servers set up to be a relay. Since it is very easy to make a relay server for emails, it’s impossible to assess them for security, and they could easily be a point of data breach.
If your email is encrypted end-to-end, this means that if any of these relay servers are compromised, you are completely protected from breach. These hackers are looking specifically for the low-hanging fruit of personal information in free, searchable text.
Finding a Service Provider
Performing a google search for “encrypted email” brings up many options, which range in price; but, how do you know which one to pick?
- First of all, the provider must sign a Business Associate Agreement (BAA) with you if they will be encrypting your email in order to claim HIPAA compliance. If you find a service you wish to try, your first step should be an email to them asking for a BAA. If they don’t provide one, they aren’t compliant, and may not have the proper safeguards against your data. Job #1 should be to narrow down your choices to HIPAA compliant email encryption providers.
- You’ll want your encrypted email to be encrypted while your data is on your PC, and not when its already in transit. This important piece of the puzzle is the whole point – secure, end to end encryption must begin on your computer, and end on the recipient’s PC or mobile device.
- You’ll want return receipts, or the ability to track whether or not an email has been opened. This creates proper audit trails for your emails in the event that a breach does occur.
If you’d like to try out our solution, you can start a free trial with RPost, our preferred email encryption provider.
Read more about Why Email Encryption Matters in our previous article linked here.