Does encrypted email satisfy HIPAA?

March 25, 2015
Mike Uretz
Mike Uretz
Mike Uretz

Mike Uretz is a nationally-recognized Dental software and Electronic Health Records (EHR) expert. Mike has helped hundreds of individual practices and multi-clinic groups properly evaluate and select software vendors and solutions, structure and negotiate pricing and contracts, provide implementation oversight and vendor management. Mike was a member of the Certification Commission for Health Information Technology EHR vendor certification workgroup, and has been a member of various federal and state working committees for EHR business practices and policy. Having been involved with the EHR Incentive program from day one, Mike has helped a number of states, to evaluate and select EHR vendors, structure contracts and agreements, and manage vendor issues. As co-chairman of the Best practices advisory committee for EHR Contracts, Mike has been instrumental in developing standards for structuring vendor contracts and pricing for use by state programs nationwide He is the founder and editorial director of DentalSoftwareAdvisor.com, a trusted and objective online resource on all matters related to dental software. He is also the point person for Advanstar’s coverage of dental EHRs and their evolving role in the dental industry and can be reached by e-mail at mikeu@dentalsoftwareadvisor.com.

Secure patient communication is a vital concern for health professionals nationwide. As the industry continues to move towards secure electronic communication methods many dental professionals are worried about maintaining HIPAA-compliant patient communications.

Secure patient communication is a vital concern for health professionals nationwide. As the industry continues to move towards secure electronic communication methods many dental professionals are worried about maintaining HIPAA-compliant patient communications.

I get calls every day from professionals that are under the impression that simply using email encryption software makes them HIPAA-compliant. This is a false impression.

This week, I conducted a podcast with Brightsquid CEO Rohit Joshi, who is also a licensed attorney, to discuss the secure transfer of patient information and what it takes to be HIPAA complainant in this arena. HIPAA compliance goes beyond the simple use of encryption software. Email encryption helps prevent a message from being read along the way to its recipient. But this alone does not align with HIPAA Compliance.

More from Uretz: Steps on how to choose and implement electronic health record software

There is a whole list of requirements practices must follow in order to be HIPAA compliant with their electronic communications. And there are a number of companies, including BrightSquid, that provide services supporting these requirements

The bottom line is, encrypted emails alone do not support full HIPAA compliance, and dental practices that do not take every step to secure this information may be opening themselves up to HIPAA violations.

About the authorMike Uretz is a nationally recognized dental software and electronic health records (EHR) expert. He is the founder of DentalSoftwareAdvisor.com as well as the Dental EHR Editor for Dental Products Report and conducts a popular weekly podcast on dental software related topics. As a leading industry consultant, Uretz has helped both individual and group practices properly evaluate and select software vendors and solutions, structure and negotiate pricing and contracts and provide implementation oversight and vendor management.Mike can be reached at mikeu@dentalsoftwareadvisor.com.

More from Uretz: Do we really need an extension on the New York ePrescribing mandate?