Best HIPAA Compliant Email for Therapists | SecureMyEmail™

  • By Witopia
  • Jul 15, 2024
  • 6 min read

HIPAA compliance can be confusing, especially when it comes to finding the best HIPAA compliant email solution. Therapists and other mental health professionals, particularly solo practitioners, can find the available solutions complicated and expensive. So, we fixed it. We can easily make your existing email HIPAA compliant with low pricing tailored for solo practitioners and small offices. That, combined with our unparalleled ease-of-use for you AND your recipients, assures that SecureMyEmail is the best HIPAA compliant email for therapists.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law that requires the protection of sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Does HIPAA apply to therapists?

Yes. Anyone handling what is called "protected health information," commonly called "PHI," must make certain they are securing this information under HIPAA guidelines. With email, it is often referred to as "ePHI," for "electronic protected health information."

Is SecureMyEmail only for therapists?

No. SecureMyEmail ensures HIPAA compliance for anyone using it. So, if you're seeking HIPAA approved email for counselors, psychiatrists, psychologists, or anyone that may need to be sure they are protected, we have you covered.

Can I respond to a patient email under HIPAA without encryption?

For emails you receive, and did not initiate, there is a measure of implied consent. Specifically, the U.S. Dept. of Health and Human Services (HHS) states, “If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications.”

What we would suggest is to simply use SecureMyEmail to respond to any emails you receive outside of the protection of the service. Then, the conversation may continue and all is now encrypted and HIPAA compliant.

What kind of data is considered PHI that needs to be protected?

More than you think. The HIPAA privacy rule sets forth policies to protect all "individually identifiable" health information that is held or transmitted. This is generally defined as information that can be used to identify, contact, or locate a single person, or can be used with other sources to identify a single individual.

To get specific, below are the 18 HIPAA Identifiers that are considered personally identifiable information:

  1. Patient names 
  2. Patient addresses (or fragments thereof)
  3. All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89)
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. Social security numbers
  8. Medical record numbers
  9. Health insurance beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device attributes or serial numbers
  14. Digital identifiers, such as website URLs 
  15. IP addresses
  16. Biometric elements, including fingerprints, retinal, and voiceprints
  17. Photographs of patient
  18. Any other characteristic that could uniquely identify the individual

So, that's a lot of information to protect!

It is. But, in practice, it's not as daunting as it seems with good general security practices. As far as email is concerned, it's just a matter of encrypting it properly with a HIPAA compliant email provider.

My email provider says that they are already "encrypted." Are they HIPAA compliant?

Probably not. At least not in the scope of encrypting email in transit, and when archived, well enough to comply with HIPAA. If they were, they would mention this quite prominently, as well as furnish you with what is called a Business Associate Agreement (BAA). If they won't do that, they are not HIPAA compliant.

What is a Business Associate Agreement (BAA)?

An agreement that establishes a legally-binding relationship between "HIPAA-covered entities" (you), and business associates (us) to ensure complete protection of PHI. Your email is not HIPAA compliant without a BAA. We include a BAA as part of our paid service level.

What about all these "HIPAA compliant" email providers?

Yes. There are several. Unfortunately, some of their approaches, as they were developed many years ago, can often be rather antiquated and complicated. This puts not only a burden on you, but also on those you send email to. They also tend to charge very high prices.

What are the actual requirements for HIPAA compliant email in a nutshell?

They are shockingly simple once you eliminate "the noise" and focus on the law. Basically, you only need to do 3 things:

  1. Implement a suitable HIPAA compliant email encryption solution.
  2. Sign a Business Associate Agreement (BAA) with the solution provider. (They should provide this)
  3. Use the email encryption solution properly.

Specific to email, HIPAA requires that you protect your patient's information "in transit" and that you save these communications safely. Encryption takes care of that.

Saving the emails in an encrypted state at rest is for your patients' protection, as well as your own, if there is ever a question as to whether you protected the information properly. But, fear not. HIPAA is not rocket science, although some providers may act like it is to stoke fear.

To assuage any fears, SecureMyEmail™ fully encrypts all emails (including attachments) in transit between you and your recipients as well as stores them fully-encrypted on your existing email provider's servers. As long as you use SecureMyEmail when sending and replying to emails that may contain PHI, you're covered.

Why is SecureMyEmail the best HIPAA compliant email for therapists?

Pricing designed for solo practitioners and small offices.

Other HIPAA compliant email providers usually require a minimum number of accounts, as well as some unnecessary features. This can explode costs. We just charge you $3.99/month or $29.99/year per user. No hidden charges. Single-user accounts are welcome. There are also no limits as to how many emails you can send, receive, or store, except any that may be imposed by your email provider.

Works with your current email provider and addresses.

No switching email providers or email addresses needed. Keep everything you have now. We'll add the encryption.

Ridiculously easy setup.

Takes a few minutes. It's so easy, we even wrote a blog article bragging about it.

Business Associate Agreement (BAA) included. Fast.

  • Start your free trial.
  • Once you're set up, go to Settings > Subscription, and purchase a plan.
  • Email us and ask for your BAA, and we'll zip it right out.
  • Congratulations, you now have HIPAA compliant email!

You can continue to use your current email setup too.

SecureMyEmail is a suite of fully-functional email client software so you CAN use it as your primary email client, but you don't have to.

We realize that most people already have an email process they have tweaked over time, probably years. With SecureMyEmail, you can continue to use what you have now for folders, sorting, spam control, or every day functionality and familiarity.

The only thing to remember is that when you send and read encrypted email, you do need to use the SecureMyEmail apps. This is easy, because we run in any browser and on mobile, simultaneously with any other email client you have running. Or, just fire us up when you need us, and we sync automatically with your email provider.

Zero burden on your recipients. (this is big)

Almost all other (maybe all, actually) encrypted email providers force your recipients to download software, register, or force you to share a password with them through "other means" so they can read your email and open attachments.

We've developed a unique passwordless approach that doesn't require any of that nonsense. Your recipients just click on a link they receive in their regular email and they can securely read, reply, download attachments, and even add attachments of their own. They do NOT have to use SecureMyEmail, register, or know a password. The entire exchange is fully protected by modern encryption.

Works on all your devices.

SecureMyEmail includes our modern encryption software and apps for Mac, Windows, iPhone, iPad, and Android devices. So, we not only have you covered on your desktop or laptop, but include HIPAA compliant phone apps as well. You can access, read, and reply to your encrypted email from anywhere.

Got a few minutes? Give it a try right now with a 30-Day Free Trial.

No payment info is necessary. Download SecureMyEmail for free and you'll be sending your first encrypted email a few minutes from now!

If you like it, just purchase a subscription through the software. If you have multiple users that you want to be invoiced, or have any questions at all, contact our Sales team and they will get you set up!
