HIPAA is a federal law that protects the privacy of health information. It applies to all protected health information (PHI), including individually identifiable health and mental health information. Under the Privacy Rule, a covered entity may use or disclose PHI without the individual's authorization only for permitted purposes such as treatment, payment and health care operations; any other use or disclosure requires the individual's written authorization, and that authorization must contain the specific elements the Privacy Rule requires. In addition, covered entities must give individuals access to their own PHI and keep an accounting of disclosures.
In order to comply with HIPAA, covered entities must ensure that any vendor that handles patient information on their behalf (a business associate) is itself compliant with the law. Compliance is typically established through a business associate agreement and the contract clauses it contains, but a signed contract is only the starting point. For example, a company needs to determine whether a vendor outsources data-handling functions to other vendors, since those subcontractors must also be bound by a business associate agreement. The company must then verify that the agreed control measures are actually in place and enforced. It is important to review the vendor's contract for the required clauses and to periodically review the vendor's controls, not just its paperwork.
Another option is Gmail, but the free consumer version does not meet HIPAA requirements on its own. In order to stay HIPAA compliant, users of Gmail must make sure that their email is encrypted and that Google is bound by a business associate agreement.
Google does encrypt email at rest and, in transit, uses TLS whenever the receiving mail server supports it; a message to a server that does not support TLS will still be sent in the clear, so transport encryption alone is not a guarantee. More importantly, Google does not sign a business associate agreement for free Gmail accounts, which is why the free version isn't HIPAA compliant. For that reason, Google recommends G Suite (now Google Workspace), which combines Gmail with administrative security controls and allows a business associate agreement to be signed. If you are considering an IT, VoIP, or REIT operation for your needs, be sure to check its qualifications and whether it has its own internal compliance processes. Many national operations outsource their work, which can leave you out of compliance. Shop local and always go with a certified engineer for your business. Keatings Communications provides HIPAA compliance for your operations on our VoIP and data networks. With over eighteen years of certified engineering, we know the business technology solutions that best deliver the efficiency, security, and scalability your operations need.