HIPAA Compliant Email For Therapists
As a mental health professional, you’ve probably been hearing a lot about how you should encrypt your email communications with clients. This is true, with some caveats. First, it’s all about the Protected Health Information, or in this case Electronic Protected Health Information (ePHI). Encryption comes into play when you’re transmitting or storing information that identifies a client and relates to their care. This can be as simple as an appointment reminder. It’s important to note that HIPAA doesn’t explicitly require encryption, but it does consider it “addressable”. In HIPAA-speak this means that, if it’s reasonable to implement, you need to do it or document thorough reasoning for why you did not employ that measure. Encryption is certainly reasonable to implement when it comes to email.
Okay, so how do I make this happen?
There are a lot of different ways to make this happen. There are too many vendors that can help with encryption to mention. The one that I feel is the best fit for most mental health professionals is Hushmail. There are four primary reasons for this:
- Friendly Interface – Hushmail is a web-based email platform so anyone who has used services like Gmail, Yahoo, or Hotmail will find it easy to transition to Hushmail.
- HIPAA Friendly – Hushmail, as a vendor, complies with HIPAA and will sign a Business Associate Agreement with you, making it easier for you to maintain compliance.
- Business Friendly – You can use one of your own domains with Hushmail for a more professional appearance.
- Secure Contact Forms – Hushmail for Healthcare accounts come with the ability to integrate secure contact forms into your web site at no additional cost. This allows you to secure communications even from new/potential clients. Tame Your Practice can even integrate the form into your web site for you!
- Electronic Signatures – You can add electronic signature fields to your web forms to collect legally binding e-signatures from your clients (available on select plans).
I’ve been using Hushmail myself since 2010 and am quite happy with the product and customer service.
Sign up for Hushmail through our links and you’ll receive a lifetime 15% discount!*
Want to see how easy it is to use? Check out this video:
I previously had a video here demonstrating how easy Hushmail is to use. However, it’s gotten even EASIER, so I’ve taken the video down until I can update it.
But I heard that Gmail was HIPAA compliant now?
There are a couple of significant caveats to this:
- GSuite Only – You have to be using the paid version of Gmail through GSuite in order to get a Business Associate Agreement with Google.
- Limited to Google’s Servers – The security/encryption of a Google for Work account really only applies to storage on their servers. No encryption is supplied when sending an email. So, while you can be in compliance with regard to the storage of emails on the server, you’ll still need to address securing emails that you send to clients.
It is possible to address concern #2 through informed consent with clients. HIPAA values client autonomy; therefore, if they ask you to send ePHI through unsecure means, you’re covered. (HIPAA doesn’t require it, but I recommend you document this in some way.) This type of agreement works really well for low-risk items like appointment reminders. It’s not, however, a great solution for more significant confidential data. While you might tell clients simply not to email you in such detail, more and more clients want that convenience.
For these reasons, I’ve found Hushmail to be a great fit for most of the therapists I’ve talked to and spoken with.
Want to be sure Hushmail is a good fit for your practice? This is a great topic for an affordable 20-minute consultation.
*We have an affiliate relationship with Hushmail and receive compensation for purchases through our links. We only establish these relationships with companies and tools that we use ourselves!
About the Author
Rob has been covering technology and business news for mental health professionals since 2011. His extensive experience in IT, business, and private practice allow him to synthesize information in a friendly, digestible manner. He also enjoys time with his family, ultimate frisbee, and board gaming.