Hushmail Blog

VPNs and HIPAA compliance for small healthcare practices

Written by Hushmail | Nov 15, 2024 4:36:55 PM


A secure internet connection and a HIPAA-compliant Electronic Health Record (EHR) system might seem enough to safeguard your practice's digital security. However, third parties could still see what you're up to online, especially if you occasionally work on public Wi-Fi. A VPN can strengthen your online defenses, even outside the office—but what exactly is a VPN?

In this article, we'll break down what VPNs are, how they work, and whether they're HIPAA compliant. We'll also help you choose a reliable provider.

Table of Contents

  1. What is a VPN?
  2. Do you need a lot of technical know-how to use a VPN?
  3. Is a VPN necessary for a small healthcare practice?
  4. Are VPNs necessary if you already have an EHR?
  5. Are VPNs HIPAA compliant?
  6. What’s the difference between VPNs and anti-virus software?
  7. What’s the difference between a VPN and a mobile hotspot?
  8. Does a VPN work with telehealth?
  9. How much do VPNs cost?
  10. Are free VPNs safe to use in a small healthcare practice?
  11. What should I look for in a good VPN provider?

What is a VPN?

VPN stands for virtual private network. It provides an encrypted internet connection that keeps your online activities private. This is especially important if anyone shares your network, like when you’re using public Wi-Fi in a coffee shop.

When you use a VPN and connect to the internet, the program directs you through the VPN provider’s servers instead of your internet provider’s.

Using a VPN is like taking a secret passage from point A to B. It masks your location and your computer’s IP address, making it more difficult for someone else to identify you and see what you’re doing online. For example, if you log onto an airport’s Wi-Fi to check client records before getting on a plane, using a VPN could prevent someone from gathering information about you and your online activities. Since a third party could use this information to access your client records, the VPN also helps keep this valuable data safe.

👉 Key Takeaways

  • A VPN keeps your browsing private, especially on public Wi-Fi.
  • It can help protect sensitive information, such as client records.
  • With a VPN, you don’t need to worry about anyone snooping on your connection.

Do you need a lot of technical know-how to use a VPN?

Luckily, VPNs are easy to use, even if you aren’t very tech-savvy. If you can manage email, you’ll find a VPN just as simple.

Most VPNs work through an app that you install on your computer, tablet, laptop, or phone and that starts up with your device. The setup may take a few minutes, but you’ll hardly notice it running once it’s ready. If you want to turn it off or change the settings, click the app icon and follow the prompts.

Is a VPN necessary for a small healthcare practice?

This depends on you and your practice. In some cases, it’s a valuable extra layer of security; in others, having a VPN is essential.

“In a small healthcare practice, keeping patient data secure is crucial. Even if you're using HIPAA-compliant systems, a VPN adds an additional level of security to protect sensitive information from cyber threats. This extra protection helps ensure patient confidentiality, especially when accessing records outside the office.”

Brian Smith,
Chief Technology Officer, Hushmail

If you usually complete all your work, including answering emails, in your office or home using a secure internet connection, then a VPN is great to have. It can help you go the extra mile to defend sensitive information.

However, if you ever use public internet while away from the office (answering emails with coffee shop Wi-Fi, for example), a VPN is critical.

This is because when you use public Wi-Fi, others on the network may be able to see which websites you are visiting. It’s similar to walking down a crowded, public street — others in the area can see who you are and where you’re going.

In more technical language, a third party could find out your device’s unique IP address and the websites you use. This could give them enough information to steal passwords or other confidential data.

Using a VPN defends against these kinds of attacks by giving you a secure and private way to access the internet, even when using public networks.

Are VPNs necessary if you already have an EHR?

VPNs and EHRs serve different functions. Just because you have one doesn’t mean you don’t need the other.

EHRs use encryption to store client information. It’s like putting client data into a locked safe. A VPN protects the privacy of your internet connection, like using a secret passageway to get to the safe. The VPN makes it more difficult for third parties to get information about you and where you’re browsing.

The two services work well together, along with other tools, to provide comprehensive online security.

Are VPNs HIPAA compliant?

In general, reputable VPN services are HIPAA compliant.

Most reliable VPN providers fall under the HIPAA conduit exception. This exception allows businesses that transmit personal health information (but don’t store it) to operate without becoming business associates.

As a result, as long as you work with a reputable VPN provider that does not store your data, you do not need to find one that offers a Business Associate Agreement (BAA).

Don’t forget that HIPAA compliance requires evaluating security risks across all your computer systems and administrative processes. Having a VPN alone doesn’t make you HIPAA compliant.

What’s the difference between VPNs and anti-virus software?

Both VPNs and anti-virus software help to protect your data in different ways.

“A VPN hides your internet activity and keeps your online connections private. Antivirus, on the other hand, protects your computer from harmful software like viruses or malware. So while antivirus stops bad files from getting on your system, a VPN conceals what you're doing online.”

Brian Smith,
Chief Technology Officer, Hushmail

If a VPN is like a secret passageway, anti-virus software is like a guard blocking the entrance to the fortress. They complement each other to establish solid online defenses.

However, the marketplace is also evolving. Some VPN providers, like NordVPN, also offer anti-virus features. NordVPN can block trackers, dangerous websites, and advertisements. It can also scan files you download for malware (aka “malicious software”) that could harm your computer.

What’s the difference between a VPN and a mobile hotspot?

A mobile hotspot is a way to create a portable Wi-Fi network using your smartphone's cellular data. When activated, a hotspot produces a private Wi-Fi network that provides internet access wherever you have cell phone service. A VPN protects your internet connection but does not provide one.

Mobile hotspots share one feature with VPNs: they can help protect your privacy. Because a hotspot essentially makes a password-protected network just for you, it’s more secure than public Wi-Fi.

But there are disadvantages to mobile hotspots. They only work if you have cell phone service in the area and a plan with large amounts of data. If you travel far away from home, for example, a mobile hotspot likely won’t work. If you do have phone service at your destination, the amount of data a mobile hotspot uses could result in high charges, depending on your plan.

You won’t run into these issues with a VPN. You can use one as long as there is a Wi-Fi connection nearby, whether you have cell service or not. And using a VPN doesn’t eat into your mobile data.

Does a VPN work with telehealth?

A VPN protects all your online activities, including telehealth sessions, by keeping them private and secure.

One word of caution: some VPNs can slow your internet connection, which could lead to delays during video calls. If you plan to use a VPN during telehealth appointments, choose a provider known for fast connections and do a test run before meeting with clients.

How much do VPNs cost?

Most VPNs are quite affordable. You sign up for a subscription, and most plans cost less than $15 per month. With VPNs, a lower price tag can mean poorer service, so it may be better to avoid companies offering bargain-basement pricing.

Are free VPNs safe to use in a small healthcare practice?

While it may be tempting to sign up for a free VPN, be cautious—these VPN services often come with reduced quality, slower speeds, or weaker security. Investing in a reputable provider can ensure better service and more robust protection.

The saying goes that nothing in life is free. To profit from their services, some free VPN providers actively exploit their users by harvesting and selling their data. They may also cut corners on security.

Free VPNs tend to be slower, too. Even when more reliable organizations offer free VPN services as a first step towards their paid plans, you don’t get their best offering. They often limit the number of servers you can access, resulting in slower speeds. These plans may also restrict the amount of data and the number of devices you can use.

To keep precious data like passwords and other personal information safe, it’s best to find a reliable, paid VPN provider.

What should I look for in a good VPN provider?

When you sign up for a VPN subscription, you are trusting a company with your private information and the efficiency of your practice. That’s why it’s important to work with a dependable company offering a quality connection.

“When choosing a VPN for your healthcare practice, prioritize a provider with strong encryption and a fast, reliable connection, so your access to patient records isn’t slowed down. Look for a provider that’s known for maintaining high standards of security and compliance. You also want a service that works well with the healthcare tools and systems you already use, without causing access issues or interruptions.”

Brian Smith,
Chief Technology Officer, Hushmail

NordVPN is a high-quality provider recommended by Person Centered Tech, among others. It’s known for its security, speed and reliability.

It has a global network of servers (in 111 countries) and won a speed test against competitors.

NordVPN also uses a gold-standard encryption algorithm (AES-256), which has been approved for use by the federal government of the United States.

At Hushmail, we recommend NordVPN and are pleased to partner with them to offer enhanced online privacy with the Hushmail for Healthcare+NordVPN bundle.

This bundle is an easy and cost-effective way to get best-in-class encrypted email and a VPN at the same time. It includes:

  • Excellent online protection for small healthcare practices at an unbeatable rate
  • Extended threat protection which blocks malware, advertisements, and trackers at a great price you can’t get online
  • Encrypted email through Hushmail for Healthcare

If you’re already a Hushmail customer, you can add NordVPN to your current plan at a reduced rate.

For more on the Hushmail for Healthcare+NordVPN bundle (including pricing), get in touch now!