Why you need an email account that’s just for healthcare
If you’re a healthcare professional of any kind, you need an email account that has been created with healthcare in mind. Here’s why you need a healthcare email account for your practice.
If you’re going into private practice for the first time, you’re likely facing a lot of decisions about how to set up your practice so it runs efficiently. Even if you’ve been in private practice for a while, there are probably still some improvements you could make in how you manage your business – perhaps particularly when it comes to communication.
One of the biggest challenges is figuring out how to communicate with your clients and collect information. One way, of course, is with email.
Email is ubiquitous enough that you can expect most, if not all, of your clients will have an email account. And because email lacks the intrusive quality of text messaging and can provide more security, it’s often the preferred communication choice. So why not just grab any new email account to use for your practice and get started?
For many reasons, and that’s what we’re talking about in today’s blog post.
If you’re a healthcare professional of any kind, you need an email account that has been created with healthcare in mind. The communication you engage in is special, and it needs to be handled in a certain way. Read on to find out why you need a healthcare email account for your practice.
HIPAA requires secure email
The first reason, and the most important, is very simple. HIPAA requires all covered entities to secure electronic protected health information (ePHI) when it’s transmitted online. Are you a covered entity? If you accept insurance, you are. Even if you don’t accept insurance, it’s a good practice to function as if HIPAA still applies to you. Simply put, you want your clients’ most sensitive information to be safe when it’s going back and forth online. This is not merely good practice. Protecting client information is likely a professional requirement depending on your local jurisdiction.
A reliable, encrypted email allows you to take advantage of the benefits of online communication, while helping you to stay in compliance with HIPAA and ensuring peace of mind for you and your clients.
Some email services claim to provide secure email and even claim to be HIPAA compliant but only offer the bare minimum encryption. For any email service to legitimately claim to be HIPAA compliant, it must provide a signed Business Associate Agreement (BAA) that affirms its willingness to accept responsibility for the safety of your clients' ePHI.
Not all secure email is created equal. Some provide only TLS encryption, which protects data when it’s traveling from you to your client but only if it’s also supported by your clients’ email server. That’s not guaranteed. A better bet is an email service that provides TLS and OpenPGP encryption, which encrypts data while it’s en route and also in storage.
So be sure to do your homework. For the most part, you can count on a signed BAA as assurance that an email service is secure enough to meet the HIPAA requirements.
HIPAA requires document retention, which means you need an archive
HIPAA has retention requirements covering your compliance and privacy policies. They require you to retain communication, documentation such as policies and procedures, security risk analyses, and complaint and resolution documentation for six years.
Maintaining an archive is worth the effort. Consider the case in 2020 of Athens Orthopedic Clinic PA. The clinic, which employs approximately 400, was fined $1,500,000 for a number of HIPAA rule violations, including failure to maintain copies of their HIPAA policies and procedures and failure to enter into business associate agreements with three of its business associates. Although the investigation occurred in response to a cybercriminal breach, it was the “systemic noncompliance with HIPAA rules” that led to the hefty fine.
But if you’re not a covered entity, why worry about having an archive? Maintaining a designated archive is a best practice for the management of any healthcare practice. There are multiple scenarios that could arise requiring you to quickly access records of your communications. If a client or a court requires particular records, your archive provides easy access to every interaction.
Practice forms attached to your email are so much easier
HIPAA isn’t the only reason to get an email service designed just for healthcare. There’s also practicality to consider.
When you sign up for a healthcare-specific account, you can expect that time and thought have gone into making sure that the service meets the unique needs of healthcare professionals. One of those needs is a convenient solution for your practice forms.
There are many services out there that will allow you to make your own online forms or use their templates. Some of them are connected with an email provider. However, unless you’re working with a service that’s specifically tailored to healthcare, you could find yourself struggling to get the secure practice forms you need.
The ease and convenience of choosing your practice forms from a selection of templates takes away the hassle of manually building forms online to replicate the paper forms you’ve been using. Instead, it takes just a few minutes to select a template, customize it, and publish it so you can start collecting your clients’ information that day.
And how about specialized forms such as popular diagnostic instruments like the PHQ-9 depression screening? Wouldn’t it be nice to have a selection of those to choose from to use with your email account?
The right email account tailored with healthcare in mind will offer you these special bonuses that make your life easier.
Hushmail for Healthcare has it all
Few healthcare specialists enjoy spending time getting their technology to work. Unfortunately, that’s the situation many find themselves in, especially when they’re starting a new practice.
It’s easy to fall into the trap of getting your email from one service, your online forms from another, and using something else for signatures. As many frustrated practitioners can attest, putting your communication services together piecemeal is a mistake. Often, separate services don’t work well together, and they usually cost more in the long run, especially when they include the security measures you need for HIPAA.
Fortunately, there are all-in-one services out there, such as Hushmail for Healthcare, that give you the seamless communication of email, forms, and e-signatures working together.
A good all-in-one service allows you to create a form, email it to your client, get it signed, track the response, and file it all in one place. With a service that’s HIPAA compliant, the same security measures protect both email and forms, giving you blanket security and peace of mind.
Hushmail developed the Hushmail for Healthcare plan to make practice management as easy as possible for the healthcare professional.
✓ A private message center means your clients don’t need secure email accounts of their own
✓ Signed BAA
✓ Separate archive account
✓ Email, forms, and e-signatures that work seamlessly together in one account
✓ Extras, such as form templates and self-administered questionnaires like the PHQ-9 and GAD-7
✓ A form building service ($50 credit available on select plans)
✓ Dedicated Customer Care team providing free support
Ready to get started with Hushmail for Healthcare?
If you’re a healthcare professional of any kind, the communication you engage in is special, and it should be handled in a certain way. You need an email account that has been created with healthcare in mind to help your practice comply with HIPAA requirements and make your practice management as easy as possible.