In recent months we’ve been highlighting Hushmail for Healthcare and Hush Secure Forms in our blog. Hushmail for Healthcare is our most popular business account and for good reason. This account gives healthcare businesses of all sizes peace of mind knowing their communications with clients and patients are secure and HIPAA compliant.
However, we understand that Hushmail for Healthcare isn’t for everyone. The Health Insurance Portability and Accountability Act (HIPAA) can be confusing, and it’s not always clear who needs to concern themselves with HIPAA. Do you know if you need to follow HIPAA guidelines and would benefit from a Hushmail for Healthcare account? Or would one of our other accounts meet your requirements?
In today’s post, we’re going to explain a little about HIPAA-covered entities and Business Associate Agreements (BAAs) and then lay out the key features of our Hushmail for Healthcare account so you can determine if this is the right account for you. We’ll also explain the highlights of our other accounts, and help you decide if one of these accounts would suit you better.
By the end of this post, you’ll know exactly where you fit in the Hushmail family.
HIPAA was signed into law in 1996 to help ensure privacy of health information, security of electronic records, more efficient administration, and insurance portability. Since HIPAA became law, healthcare organizations and providers have been learning best practices to achieve compliance with the rules. It’s been a long road, and many healthcare organizations still aren’t getting it right.
2018 was a record-breaking year for HIPAA enforcement with settlements totaling $28.7 million, $5.2 million more than 2017.
The good news is that for small- and medium-sized practices, it’s much easier than it is for larger organizations to control how the electronic protected health information (ePHI) you handle is collected, stored, and transferred; Hushmail provides communication services that can help.
Let’s figure out if HIPAA applies to you. According to HHS, a HIPAA-covered entity is a health care provider, a health plan, or a health clearinghouse. Take a look at the HHS table below:
A health care provider
This includes providers such as:
...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.
A health plan
This includes:
A health care clearinghouse
This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html
If you still aren’t sure you’re a covered entity, the Covered Entity Guidance tool, provided by the Centers for Medicare & Medicaid Services (CMS), will walk you through a series of questions to help determine your status.
If you’re a HIPAA-covered entity, our Hushmail for Healthcare account supports your HIPAA compliance in three ways.
Encryption (email and web forms). The HIPAA Security Rule allows electronic transmission of ePHI as long as you satisfy the requirements to make sure the information is secure. A reliable, encrypted email and web forms service allows you to take advantage of the benefits of online communication, while helping you to stay in compliance with HIPAA and ensuring peace of mind for you and your patients.
Archived emails. HIPAA has retention requirements around your compliance and privacy policies requiring you to retain documentation such as policies and procedures, security risk analyses, and complaint and resolution documentation for six years.
Hushmail’s separate archive account ensures that you have a record of all the communications that took place within your domain and helps to provide evidence of your compliance in the event of an audit. Also, if a client or a court requires particular records, the archive provides easy access to every interaction.
A Business Associate Agreement (BAA). Did you know that HIPAA requires a BAA from every service provider you use that could be exposed to your patients’ PHI? While the HIPAA Privacy Rule establishes the standards that healthcare organizations need to follow to protect PHI, it only applies to covered entities such as your practice. Most likely you rely on third parties that aren’t HIPAA-covered entities to carry out a variety of services from accounting to email.
Fortunately, you’re permitted to disclose PHI to these third parties, known as “business associates,” as long as they agree to accept responsibility for taking appropriate safeguards and complying with the HIPAA requirements to prevent the use or disclosure of the PHI. This acceptance is documented in a BAA, which you are required to obtain from any third party that potentially could be exposed to your patients’ PHI.
When you sign up for a Hushmail for Healthcare account, you will be asked to sign a BAA. Once the BAA has been signed by both parties, responsibility for protecting the PHI sent through Hushmail services is transferred from you to Hushmail, fulfilling your legal obligation under HIPAA.
Are you a HIPAA-covered entity?
_____ Yes. A Hushmail for Healthcare account is your best-fit account.
_____ No. A different Hushmail account might be a better choice for you. Read on to learn more.
If you have a small business, and you know that you’re not a HIPAA-covered entity, Hushmail for Small Business might be the perfect account. It includes encrypted email, email archiving, email aliases, and the option to use your own domain name.
Are you a small business, but not a HIPAA-covered entity, attorney, or nonprofit organization?
_____ Yes. Hushmail for Small Business is the Hushmail account for you. Sign up today and try it out for 60 days.
_____ No. Hushmail for Healthcare or Hushmail for Law might better suit your needs. Read on to learn more.
Attorneys require special consideration when it comes to their communications. Confidentiality is paramount, and a Hushmail for Law account supports the claim of attorney-client privilege for attorneys practicing in the US, UK, and Canada, with a signed agreement providing extra protection of your client communications. Additionally, the account includes email archiving to help you document emails as part of your files.
Are you an attorney practicing in the US, UK, or Canada?
____ Yes. Hushmail for Law is the right account for you.
____ No. Consider Hushmail for Small Business or read about Hushmail for Nonprofits below to discover your best-fit account.
We hope this post has helped clarify how Hushmail can best help your business. All Hushmail accounts include at least 10 GB of storage, industry-standard OpenPGP encryption, mobile/desktop access, and dedicated customer support.
We’d love to welcome you into the Hushmail family. Why not call today and let one of our Customer Care Specialists help you set up an account?
Hushmail provides several different accounts that provide encrypted email and web forms tailored for specific industries. Our most popular account, Hushmail for Healthcare, is the perfect account for healthcare businesses. However, if you aren’t a HIPAA-covered entity, a different account might be a better fit.