Encrypted e-mail is Mandatory under HIPAA: Final Rule

 No, it’s not, but that is the perception many healthcare providers have. Should data transfer security (ie. email security) be a concern? Absolutely!

While it is not mandatory that PHI be transferred using encrypted e-mail, dentists do need to give consideration as a means to reduce risks of a breach (unauthorized access), which can adversely affect their practice.

Two of the more common scenarios I encounter are dentists who have NO written HIPAA policies and procedures and those who have not updated their policies since 2003.

There have been substantial changes and new requirements since HIPAA’s effective date in April 2003. Most recently, the Feds issued the “Final Rule” in January 2013. There are a few changes you need to know about. I will cover in a later post, so stay tuned.

My recommendation to dentists everywhere – get your hands on a good HIPAA policy manual. There are a few on the market. My team and I are putting the finishing touches on our dental-specific manual and expect to have it ready in a couple weeks.

·      Customize your manual.

·      Implement and train your staffs on your policies.

·      Enforce your policies.

·      Be matter-of-fact about the changes with your patients and staff.

The consequences for non-compliance with HIPAA regulations are more serious than they’ve ever been. Can you get by without complying? Well, it is like speeding in an automobile. For many, the perception is that it’s only illegal when we get caught, and then we have a mess to clean up (unless you enjoy getting speeding tickets).

Need help creating or updating your HIPAA policies? We do that! I am a HUGE fan of the K.I.S.S. (Keep It Super Simple) method.

Encrypted email service we recommend because they are simple, cheap and work with the technology you have!



We’ll talk again soon!

– Tink