HIPAA Compliance

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was signed into federal law in 1996 with two main objectives:

  1. Protect health insurance information when workers changed or lost their jobs.

  2. Secure the exchange of healthcare information via the internet.

Today, HIPAA has evolved into specific guidelines as to how Protected Health Information (PHI) is sent via email. Specifically, HIPAA requires “securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.”


Recent HIPAA Updates
New Legal Issues, Business Risks and Enforcement Actions

The “Stimulus” bill passed in 2009 caught everyone by surprise with its dramatic expansion of HIPAA’s regulatory net. If you are a service provider in the health industry, it is your responsibility to know the new HIPAA compliance mandates. Don’t put your business at risk by standing in the way of expanding enforcement actions.

Key points:

  • The great majority of players and their service providers in health care and benefits – all "business associates" under HIPAA – are now becoming subject to HIPAA's very specific security rules and expanded HIPAA enforcement (from both of which they have always been exempt).
  • All of those entities and those previously covered by HIPAA are scheduled to be subject to unique new security breach notification rules in September.
  • Research has shown that notification of security breaches results in 20% - 40% customer loss.
  • Email encryption is a HIPAA-compliant technical safeguard and a basis for exemption from breach notification requirements in all but two states (and anticipated under the new federal requirements), and it prevents breaches from happening.

Recently expanded HIPAA enforcement:

  • State attorneys general can bring civil actions in federal district court against individuals who violate HIPAA.

  • Office of Civil Rights (“OCR”) is to investigate and impose monetary penalties for criminal violations of HIPAA if the Justice Department has not prosecuted.

  • Civil monetary penalties required due to willful neglect (existing law requires a higher knowledge threshold)

Read the "full text of the provisions of the H.R.1" relating to the new HIPAA measures. (PDF format)

Email Compliance

HIPAA Email Compliance Requirements

HIPAA specifically guards against the unauthorized disclosure of a patient’s “individually identifiable health information”. This includes information such as member IDs, social security numbers, doctors’ names, facilities and more.

Because of these regulations and the hefty fines for violations, many health care organizations have avoided using email for communication altogether, opting instead to send information via fax or mail, which adds to their cost and makes the entire process that much more difficult to track.

Up until recently, sending HIPAA compliant emails has been a cumbersome task. Email encryption providers often used complex, time-consuming processes that really held no advantage over sending patient communications via fax or email. Additionally, many email encryption services place the burden of proof on the owner.

RPost Compliant Encryption

RPost HIPAA-Compliant Email Encryption

RPost's email encryption service was created specifically with health care organizations in mind. RPost has designed its system to be easy and flexible whether you're sending one or one million emails.

  • Works with existing computer and email systems. Whether your office uses PC or Mac, Outlook or other email software, sending a HIPAA-compliant encrypted email is as easy as clicking a button.
  • Is guaranteed 100% HIPAA compliant. Unlike other email encryption services, RPost stands behind each email that it sends by providing a Registered Receipt™ email for each email sent, which provides the sender with legally verifiable proof of compliance with data privacy requirements in case the sender ever needs to defend their actions or is audited for HIPAA compliance.
  • Less expensive and never time consuming. Medical offices using RPost for patient communications report on average 85% savings and 95% reduction in administrative time.

 

Auditable Proof of Compliance

Only RPost can provide an auditable Legal Proof® record of precisely what message content (body text and attachments) was in fact sent and received in an encrypted manner to each intended recipient.

This is important because:

In a data breach, after the email has reached the recipient (in the recipient’s environment, or after they have passed the information along to others), the sender will need to prove that the breach did not happen “on their watch” – that they in fact complied with the data security requirements and delivered the information in a compliant, encrypted manner.

“The encryption capability was one of the main reasons Kapnick Insurance Group started using the RPost service. It was the only encryption solution that met our needs. We looked at many encryption solution providers and selected RPost because it was the most cost effective and user friendly. Our clients love the fact that they can open their encrypted email within moments of receiving it. Before we switched to RPost, our clients had to go through a multi-step registration process to receive their encrypted email.”
-Lynn Tober, network administrator at Kapnick Insurance Group

RPost’s HIPAA compliant Email Encryption service outperforms other encryption services because:

  • Simple for the sender to use and send encrypted emails
  • Sender receives proof of legal delivery, content & time (very different than a useless ‘read receipt’)
  • Sender is protected from downstream data breach with auditable proof for compliance
  • Receiver accesses encrypted email right in their inbox, no links; high response rate
  • Receiver can open and view encrypted emails and attachments ONLINE OR OFFLINE
  • Receiver can reply encrypted with one extra click, and no special software
  • Simple to implement for sender’s organization – no hardware, no server software/settings
  • Includes Registered Email, Electronic Signature and Contracting services among many others
  • Sends from Outlook, BlackBerry, iPad, web app, automated and others
  • Flexible cost models

View: Secu(R)mail, RPost's HIPAA-Compliant Encrypted Email Service
