In recent months we’ve been highlighting Hushmail for Healthcare and Hush Secure Forms in our blog. Hushmail for Healthcare is our most popular business account and for good reason. This account gives healthcare businesses of all sizes peace of mind knowing their communications with clients and patients are secure and HIPAA compliant.
However, we understand that Hushmail for Healthcare isn’t for everyone. The Health Insurance Portability and Accountability Act (HIPAA) can be confusing, and it’s not always clear who needs to concern themselves with HIPAA. Do you know if you need to follow HIPAA guidelines and would benefit from a Hushmail for Healthcare account? Or would one of our other accounts meet your requirements?
In today’s post, we’re going to explain a little about HIPAA-covered entities and Business Associate Agreements (BAAs) and then lay out the key features of our Hushmail for Healthcare account so you can determine if this is the right account for you. We’ll also explain the highlights of our other accounts, and help you decide if one of these accounts would suit you better.
By the end of this post, you’ll know exactly where you fit in the Hushmail family.
What is a HIPAA-covered entity?
HIPAA was signed into law in 1996 to help ensure privacy of health information, security of electronic records, more efficient administration, and insurance portability. Since HIPAA became law, healthcare organizations and providers have been learning best practices to achieve compliance with the rules. It’s been a long road, and many healthcare organizations still aren’t getting it right.
The good news is that for small- and medium-sized practices, it’s much easier than it is for larger organizations to control how the electronic protected health information (ePHI) you handle is collected, stored, and transferred; Hushmail provides communication services that can help.
Let’s figure out if HIPAA applies to you. According to HHS, a HIPAA-covered entity is a health care provider, a health plan, or a health clearinghouse. Take a look at the HHS table below:
A covered entity is one of the following:
A health care provider
This includes providers such as:
- Nursing Homes
...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.
A health plan
- Health insurance companies
- Company health plans
- Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs
A health care clearinghouse
This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
If you still aren’t sure you’re a covered entity, the Covered Entity Guidance tool, provided by the Centers for Medicare & Medicaid Services (CMS), will walk you through a series of questions to help determine your status.
How Hushmail for Healthcare Supports HIPAA-covered entities
If you’re a HIPAA-covered entity, our Hushmail for Healthcare account supports your HIPAA compliance in three ways.
Encryption (email and web forms). The HIPAA Security Rule allows electronic transmission of ePHI as long as you satisfy the requirements to make sure the information is secure. A reliable, encrypted email and web forms service allows you to take advantage of the benefits of online communication, while helping you to stay in compliance with HIPAA and ensuring peace of mind for you and your patients.
Archived emails. HIPAA has retention requirements around your compliance and privacy policies requiring you to retain documentation such as policies and procedures, security risk analyses, and complaint and resolution documentation for six years.
Hushmail’s separate archive account ensures that you have a record of all the communications that took place within your domain and helps to provide evidence of your compliance in the event of an audit. Also, if a client or a court requires particular records, the archive provides easy access to every interaction.
A Business Associate Agreement (BAA). Did you know that HIPAA requires a BAA from every service provider you use that could be exposed to your patients’ PHI? While the HIPAA Privacy Rule establishes the standards that healthcare organizations need to follow to protect PHI, it only applies to covered entities such as your practice. Most likely you rely on third parties that aren’t HIPAA-covered entities to carry out a variety of services from accounting to email.
Fortunately, you’re permitted to disclose PHI to these third parties, known as “business associates,” as long as they agree to accept responsibility for taking appropriate safeguards and complying with the HIPAA requirements to prevent the use or disclosure of the PHI. This acceptance is documented in a BAA, which you are required to obtain from any third party that potentially could be exposed to your patients’ PHI.
When you sign up for a Hushmail for Healthcare account, you will be asked to sign a BAA. Once the BAA has been signed by both parties, responsibility for protecting the PHI sent through Hushmail services is transferred from you to Hushmail, fulfilling your legal obligation under HIPAA.
Is Hushmail for Healthcare right for you?
Are you a HIPAA-covered entity?
_____ Yes. A Hushmail for Healthcare account is your best-fit account.
_____ No. A different Hushmail account might be a better choice for you. Read on to learn more.
Hushmail for Small Business
If you have a small business, and you know that you’re not a HIPAA-covered entity, Hushmail for Small Business might be the perfect account. It includes encrypted email and web forms, email aliases, and the option to use your own domain name. If you need the email archiving feature, you can add that on with the Small Business Plus option. The monthly fee is per user so we can continue to meet your communication needs as you grow your business.
Is Hushmail for Small Business right for you?
Are you a small business, but not a HIPAA-covered entity, attorney, or nonprofit organization?
_____ Yes. Hushmail for Small Business is the Hushmail account for you. Sign up today and try it out for 60 days.
_____ No. Hushmail for Healthcare, Hushmail for Law, or Hushmail for Nonprofits might better suit your needs. Read on to learn more.
Hushmail for Law
Attorneys require special consideration when it comes to their communications. Confidentiality is paramount, and a Hushmail for Law account supports the claim of attorney-client privilege for attorneys practicing in the US, UK, and Canada, with a signed agreement providing extra protection of your client communications. Additionally, the account includes email archiving in a separate account to help you document emails as part of your files.
Is Hushmail for Law right for you?
Are you an attorney practicing in the US, UK, or Canada?
____ Yes. Hushmail for Law is the right account for you.
____ No. Consider Hushmail for Small Business or read about Hushmail for Nonprofits below to discover your best-fit account.
Hushmail for Nonprofits
Hushmail loves to support the good work nonprofits do every day by providing Hushmail services at a special rate. We do this in two ways. If you’re a nonprofit and a HIPAA-covered entity needing a Hushmail for Healthcare account, we will give you a discount on this account. If you’re a nonprofit but not a HIPAA-covered entity, you can sign up for a Hushmail for Nonprofits account and benefit from everything that’s included with a Small Business account at a special price.
Is Hushmail for Nonprofits right for you?
Are you a nonprofit?
_____ Yes. Hushmail for Nonprofits may be the perfect account for you. Read on to find out.
_____ No. Hushmail for Nonprofits isn’t the account for you. Try out one of the other accounts listed above free for 60 days, or reach out to our Customer Care Team and one of our specialists will help you decide the perfect account for your business.
Are you a HIPAA-covered entity?
_____ Yes. Hushmail for Healthcare is the account for you. Be sure to mention that you’re a nonprofit when you sign up so you can receive your discount.
_____ No. Hushmail for Nonprofits is the perfect account for you.
We hope this post has helped clarify how Hushmail can best help your business. All Hushmail accounts include at least 10 GB of storage, industry-standard OpenPGP encryption, at least two web forms (add more as you grow), mobile/desktop access, and dedicated customer support.
We’d love to welcome you into the Hushmail family. Why not call today and let one of our Customer Care Specialists help you set up an account?
| Hushmail provides several different accounts that provide encrypted email and web forms tailored for specific industries. Our most popular account, Hushmail for Healthcare, is the perfect account for healthcare businesses. However, if you aren’t a HIPAA-covered entity, a different account might be a better fit.