Understanding your Hushmail encryption options

Published on May 2, 2019

EncryptionHow you use email to communicate with clients is a very personal decision. Do you require encrypted, HIPAA-compliant email all of the time or only occasionally? Do you feel comfortable sending messages from webmail or do you prefer to use a third-party email app such as Outlook?

These are questions we invite you to consider carefully when you become a Hushmail customer. Hushmail offers encrypted email and web forms so you can communicate with your clients or patients easily and safely. Security is important for keeping your clients’ protected health information (PHI) safe, but different situations call for different levels of protection, and that’s why we help our customers select their encryption settings when we set up their account.

We want to make sure that incorporating Hushmail into your practice is an easy transition, requiring minimal change to your communication habits.

In today’s post, we’re going to take a look at Hushmail’s default encryption settings, applying encryption based on how you like to use email, and how you can configure your settings with the help of Customer Care to best meet your needs.

Hushmail’s default encryption settings

When you sign up for a Hushmail account, you have the option of working with a Customer Care specialist to customize your encryption settings. If you don’t go through this personalized setup, you’ll start out with the default settings that give you the encryption options that work best for the broadest email use:

  • Messages between Hushmail email accounts are always individually encrypted by default.
  • Messages to people who are not Hushmail customers are not individually encrypted by default. In our webmail and iPhone app, they require you to enable an encryption switch. In a third-party email app, you can trigger encryption with a keyword, which we’ll explain later in the post.
  • When the receiving server supports it, Hushmail always sends emails encrypted over TLS, which is the widely used cryptographic protocol used by most email servers to secure messages in transit.

How will you use Hushmail?

The default settings can be changed at any time – whether you are already a customer or about to become one – to better fit how you plan to use Hushmail. Your best setup will depend on whether you use email on the web or use third-party email apps, and on if you need every email to be encrypted or only some of them.

Using webmail, iPhone app, third-party email app, or all three

Encrypting an email is easy, but the method is different depending on if you’re using our webmail and iPhone app, or a third-party email app. All you need to do to individually encrypt a message in webmail or our iPhone app is to select the Encrypt option when composing an email.

If you use a third-party email app, you can ask Customer Care to configure the settings so you  can force encryption with a keyword in the email’s subject line. For example, you could set your keyword as “[encrypt]” and type in the subject line “Session feedback - [encrypt] to trigger the encryption. 

Once you have selected this keyword, you can use webmail, our iPhone app, and a third-party email app, always having the ability to encrypt, or not encrypt, as you choose.

Encrypting all of your email, or only some of it

You might decide to use your Hushmail account for various types of messages, not all of them needing encryption. An email to a client who has questions about their depression screening most likely requires encryption, but an email to a colleague about an upcoming conference might not. This is when it’s nice to be able to choose encryption when you need it either by enabling the Encrypt switch or forcing encryption with a keyword.

On the other hand, perhaps you’ve designated your Hushmail account to only send and receive highly sensitive PHI that needs to be encrypted 100 percent of the time. In this case, Customer Care can configure the account to always encrypt messages with no further action from you. This eliminates the possibility of forgetting to encrypt an email and helps ensure consistent, reliable security.

How to customize your encryption settings

Between the practice that uses one Hushmail account to send both encrypted and regular emails and the practice that requires 100 percent encryption, there are other situations that require special configurations to appropriately secure emails that need to be HIPAA-compliant, while also allowing for flexibility and convenience.

We encourage you to talk to us and describe your best-case scenario. How would you like to use Hushmail?  If you’re signing up for any Hushmail for Business account for the first time, take a moment to go through the setup process with a Customer Care specialist to make sure your encryption settings are the best ones for your practice. If you’re an existing Hushmail customer and would like to adjust your settings, please reach out to us, and we’ll be happy to make that happen.

Don’t have a Hushmail for Healthcare account?

Sign up today.

When you sign up for a Hushmail account, you have the option of working with a Customer Care specialist to customize your encryption settings. Your best setup will depend on whether you use email on the web or use third-party email apps, and on if you need every email to be encrypted or only some of them.