ARTICLE
QUESTION: What are other providers doing to comply with HIPAA related to PHI in email? Do you pay for email encryption solutions? If not, what other methods are being used to secure email? We pay for an email encryption solution through Citrix ShareFile. https://www.sharefile.com/industries/healthcare All emails containing PHI sent outside of our network are required to be sent through ShareFile. There is an Outlook plug-in that allows the email to be encrypted from our usual email application. All employees are required to zip and encrypt all email communications outside of our domain (emails within our domain are automatically encrypted). We use a product called 7Zip which is a free open source product which can zip in ZipCrypto format allowing the user to choose a password which they then share with the outside recipient. Currently we are not utilizing any method of encryption solution for email communications. We are simply providing training and specific guidelines for expectations when sending PHI. We are in the process of implementing a new tool offered through Microsoft Office 365. This tool/update allows the user to encrypt the email prior to sending. It also offers a few additional features, like the option to restrict forwarding of the email. This information is a compilation of suggestions, ideas, and opinions shared by INARF Members in response to the featured question. This information should not be considered official interpretation or guidance of State or Federal Policy. Additionally, statements within this document do not necessarily reflect an official position or opinion of INARF.
QUESTION: What are other providers doing to comply with HIPAA related to PHI in email? Do you pay for email encryption solutions? If not, what other methods are being used to secure email?