A recent MedData Group survey of 272 respondents examined the top security concerns among healthcare professionals (hospital administrators, physicians and healthcare IT professionals). Respondents named email and messaging systems as the top security risk among information assets. Email and messaging systems don’t need to be a major threat, though. By following security best practices and using encrypted email, you can keep your patient information safe – and keep your organization HIPAA compliant.
The diagram on the right shows how email encryption works. In a nutshell, though, it protects your emails from being read by someone other than the intended recipient. When you’re dealing with sensitive data – like patient information – this is vital. We typically recommend Office 365 for our clients looking for email encryption. We’ve covered why in a previous blog post.
Email encryption rules can vary by organization, even within Office 365. You can set up rules based on your needs. For example, we configure our clients’ email to require adding the word **Encrypt** in the subject line.
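A subject-keyword rule of this kind can be created as an Exchange Online mail flow rule. The script below is an added example, not the configuration used for any client described here; the rule name and admin account are placeholders, and it assumes the tenant exposes the built-in `Encrypt` template.

```powershell
# Added example. Rule name and admin account are placeholders, not values from this page.
$ruleName = 'Encrypt on subject keyword (example)'
$keyword  = 'Encrypt'   # the subject-line trigger word described above
$template = 'Encrypt'   # assumed built-in encrypt-only template; checked below before use

# Requires the ExchangeOnlineManagement module and an Exchange administrator role.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# Stop early if the template is not available in this tenant. Without it the
# rule cannot protect anything, and senders would believe mail is encrypted.
if (-not (Get-RMSTemplate | Where-Object Name -eq $template)) {
    throw "Template '$template' not found. Check encryption licensing and IRM configuration."
}

$settings = @{
    SubjectContainsWords          = $keyword    # condition: keyword appears in the subject
    ApplyRightsProtectionTemplate = $template   # action: encrypt the message
    Mode                          = 'Enforce'   # use 'Audit' first to trial the rule
}

# Idempotent: update the rule if it already exists, otherwise create it.
if (Get-TransportRule | Where-Object Name -eq $ruleName) {
    Set-TransportRule -Identity $ruleName @settings
} else {
    New-TransportRule -Name $ruleName @settings
}

# Read the rule back so the condition, action and state can be confirmed.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, SubjectContainsWords, ApplyRightsProtectionTemplate
```

A rule like this only fires when the sender remembers the keyword, so send a test message to an outside mailbox and confirm it arrives encrypted before relying on it.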
The image below shows email encryption in action. Here is what the recipient will see:
If your recipient does not have an Office 365 account or Outlook.com account, they can create a one-time passcode to retrieve the message, allowing you to send encrypted emails to individuals outside of your organization.
If you’re sending emails containing any personal information (Social Security numbers, birthdays, medical information, etc.), encrypt the email. Err on the side of caution – if you’re not sure whether an email should be encrypted, turn on encryption. It’s better to be safe than sorry when it comes to protecting sensitive information.
Email encryption is already included in several Office 365 plans or it can be added to other plans for a small monthly fee. If you have any questions about email encryption or would like to add it to your company’s plan, please contact us.