Make your email HIPAA compliant in 15 minutes | SecureMyEmail™


There is no shortage of "HIPAA compliance for email" solutions or advice on that topic. Unfortunately, many of them act like making email safe for healthcare is like splitting the atom or something. They use scare tactics and "word salad" to try to convince you to spend much more than you need to on their bloated and complicated "solutions." We commit to you that our simple and modern email encryption service can give you the very best HIPAA compliant email within 15 minutes.

Can you really make my email HIPAA compliant in 15 minutes?

Technically, yes. Because once you clear away all the "blah blah blah" of these HIPAA companies, consultants, and lawyers, HIPAA compliant email only requires:

  • A suitable email encryption solution.
  • Signing a Business Associate Agreement (BAA) with the solution provider.
  • Using the email encryption solution properly.

We can do all this super quickly because we already have a well-known and easy-to-use email encryption service that surpasses HIPAA security standards out-of-the-box. Note: there is no "box"; it's all done online, so no worries. :)

Simply put, we're in the "make email encryption easy" business, not the "make money on HIPAA confusion and fear" business.

Our service is called SecureMyEmail™ and you will find it shockingly easy to use. Not only for you, but especially for your patients and partners.

For those of you who don't like to "read the instructions" we can jump right in:

1. Download a 30-Day Free Trial of SecureMyEmail™

  • The trial is zero-obligation and no payment/CC info is necessary.
  • Software for Mac, Windows, iOS, iPadOS, and Android is included.
  • You'll be sending your first encrypted email within 15 minutes. Probably less. Proper email encryption is 95% of HIPAA compliance.
  • It's very intuitive, but here is a support article on sending and receiving encrypted messages if you need it. Contact us with any questions!
  • If it's NOT for you, for any reason, the trial will just run out and we part friends. No payment is owed.

2. Purchase a subscription at any time during your trial.

  • Every user can just click "Subscription" in Settings to pay by credit card.
  • If you have multiple users, and prefer to be invoiced, contact our Sales team and we'll set you up.
  • The really good news is that we only charge $3.99/month or $29.99/year per user.
  • AND... solo practitioners are welcome. We don't have a minimum user commitment like, seemingly, everyone else.

3. Email us for our Business Associate Agreement. Sign it. Send it back.

  • As a healthcare provider, you've probably already signed a lot of these. If not, a BAA is a simple HIPAA-required agreement between you (the "covered entity") and us (the "business associate").
  • You should sign these with any third party that could potentially be handling patient information.
  • Again, we have ours ready to go so just email us and we'll send it to you for your signature.

4. Guess what? Your email is now HIPAA compliant.

  • Sorry. We know you were looking forward to all the Zoom calls with "HIPAA Solution Salesmen."
  • Just make sure you use the SecureMyEmail software (and apps on mobile devices) to encrypt and send any emails containing any patient information and you're all set!
  • The people you send email to don't have to do anything special and their replies and attachments will be encrypted and HIPAA compliant too!

Actually, I find reading about HIPAA quite exciting. May I know more first?

Absolutely! We get it. What is more fun than discussing encryption and government regulation? Let's get into it.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law that requires the protection of sensitive patient health information from being disclosed without the patient’s consent or knowledge.

With regards to handling of this protected health information (PHI) in email, it comes down to two rules:

  • The Privacy Rule mandates how all PHI must be treated.
  • The Security Rule provides additional regulations for PHI that is in electronic form (ePHI), like email.

Remember these as they will be on the test.🙂

What does HIPAA have to say about email, specifically?

The US Department of Health and Human Services (HHS), which administers HIPAA, specifically mentions email in its guidance.

Here are the relevant excerpts with emphasis applied by us:

Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?

Yes. The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so.

...while the Privacy Rule does not prohibit the use of unencrypted e-mail for treatment-related communications between health care providers and patients, other safeguards should be applied to reasonably protect privacy, such as limiting the amount or type of information disclosed through the unencrypted e-mail.

Okay. So, not only does this read as a recommendation to use encrypted email, HHS even seems to be fine with unencrypted email in some situations. But you'll be using encrypted email, so you won't have to worry about any of that!

But, let's soldier on...

This leads us to the HIPAA Security Rule.

The Security Rule protects a subset of information covered by the Privacy Rule, which is all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information "electronic protected health information" (e-PHI).

In addition, covered entities will want to ensure that any transmission of electronic protected health information is in compliance with the HIPAA Security Rule requirements at 45 C.F.R. Part 164, Subpart C.

BTW, if you didn't know, YOU are the "covered entity." That's just the way they talk. We live in the D.C. area so we're used to it.

So, the referenced 45 CFR Part 164, Subpart C is painfully long, written in government-ese, and contains a lot of general HIPAA material not relevant to email. Since you're a healthcare provider, we'll assume you already know the basics of HIPAA.

Therefore, let's focus on the specific "technical safeguards" in 45 CFR 164.312, as they are what's relevant to HIPAA compliant email and to our service, SecureMyEmail. Suffice it to say that we have you covered.

  • Access Control - Only authorized users in your organization can access encrypted emails sent and archived with SecureMyEmail. Recipients are given secure, encrypted, temporary access with a unique identifier (and/or optional password) so they may read, download attachments, attach files, and reply back to you while preventing any unauthorized access of the ePHI.
  • Unique user identification - Each SecureMyEmail user has a unique email address, authentication credentials, cryptographic keys, and secondary secure password. 2FA is also available.
  • Automatic Logoff - SecureMyEmail has automatic logoff on desktop. Mobile apps utilize the device's access timeout.
  • Audit Control - Every encrypted email containing ePHI is automatically saved/archived by SecureMyEmail for any future audits.
  • Integrity Control - SecureMyEmail preserves the integrity of every email sent and received. This is enhanced by the built-in cryptographic "signing" of each encrypted message to ensure message integrity.
  • Encryption and decryption - SecureMyEmail provides industry-leading symmetric and asymmetric encryption for email and attachments.
  • Transmission Security - The encryption used not only secures the email and attachments in transit to and from your recipients, but also when archived "at rest" on your mail provider's servers.

What if my email provider says they are already "secure?"

They're probably not. At least not enough to comply with HIPAA. It's very important to know that even if your email provider claims to have things like "TLS" encryption, "secure" email, or "encrypted storage of emails at rest," it's 99% for sure not going to be good enough for HIPAA. TLS, for instance, only protects a message while it travels between two mail servers; it does not encrypt the message itself, and the message sits in readable form in the mailbox at the far end. Unfortunately, "weasel words" and sloppy use of security terminology are rampant in tech, as we're sure you know.

That being said, if they are an actual "encrypted" email provider, they may be fine. Our service is still likely a far simpler and lower-cost option for you, mainly because it lets you stay with your current email provider. But, that is up to you. :)

Bottom line: unless your current email provider is willing to put in writing that they are "HIPAA compliant" and provide you with a Business Associate Agreement to that effect, you should look elsewhere.
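To make the TLS point above concrete, here is a small check added for this article (example code, not SecureMyEmail's or any provider's software). It reads a message's Received headers to see whether each hop was recorded as a TLS session, and separately checks whether the body itself is an encrypted MIME object; a message can pass the first test and still be readable by every server that relayed it. Both sample messages are constructed, and the TLS tokens are only what each receiving server chose to log, so the result is a heuristic.

```python
# Added example (not SecureMyEmail's or any provider's code): tell hop-by-hop TLS,
# as recorded in Received headers, apart from a message whose body is encrypted.
import re
from email import message_from_string
# Constructed sample: both hops report TLS (ESMTPS/ESMTPSA) but the body is plain
# text, so every mail server on the path could read it.
TLS_ONLY_MESSAGE = """\
Received: from mail.clinic.example by mx.provider.example with ESMTPS id abc123;
        Mon, 1 Jan 2024 09:00:00 +0000
Received: from laptop.clinic.example by mail.clinic.example with ESMTPSA id def456
From: clinic@clinic.example
Content-Type: text/plain; charset="utf-8"

Hi, your results are below. Please call with questions.
"""
# Constructed sample: the body is an OpenPGP-encrypted MIME object (RFC 3156), so the
# relaying server only ever saw ciphertext (placeholder text here, not real PGP).
PGP_MESSAGE = """\
Received: from mail.clinic.example by mx.provider.example with ESMTP id ghi789
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(ciphertext placeholder)
-----END PGP MESSAGE-----
--b1--
"""
def hop_tls_status(msg):
    """One bool per Received header: did that server log TLS (SMTPS/ESMTPS/ESMTPSA)?
    Heuristic only: the token is whatever the receiving server chose to record."""
    return [bool(re.search(r"\bwith\s+E?SMTPSA?\b", h, re.I))
            for h in msg.get_all("Received", [])]

def body_is_encrypted(msg):
    """True for OpenPGP (multipart/encrypted) or S/MIME enveloped (pkcs7-mime) bodies."""
    ctype = msg.get_content_type()
    if ctype == "application/pkcs7-mime":
        return msg.get_param("smime-type") == "enveloped-data"
    return ctype == "multipart/encrypted"

def classify(raw):
    """'message-encrypted' beats 'transport-only'; any non-TLS hop means 'cleartext-hop'."""
    msg = message_from_string(raw)
    if body_is_encrypted(msg):
        return "message-encrypted"
    hops = hop_tls_status(msg)
    return "transport-only" if hops and all(hops) else "cleartext-hop"
```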

Why should I care if my email is HIPAA compliant?

  • Email is NOT secure enough for HIPAA unless it is properly encrypted.
  • Email's ease of use, and the fact that everyone (you, patients, partners, labs) has it, makes accidental leakage of patient data a valid concern.
  • Email on mobile, and other devices not controlled by the healthcare provider, increases the risk.
  • Although we don't wish to join in with the fear-mongering, HIPAA is indeed a serious law with serious penalties for violations. You need to be sure.

What are the benefits of HIPAA compliant email?

  • Patients and associates prefer it. Email is just easier for everyone.
  • Way more efficient and convenient for you too.
  • Email keeps an automatic timeline and archive of interactions with patients and partners.
  • Can be far less expensive than other methods of communication.
  • Increased mobility and responsiveness with patients, etc. through mobile devices and tablets.
  • When done properly, encrypted email can be far more secure than other communication methods.

Why is SecureMyEmail the best HIPAA compliant email solution?

Works with your current email provider and addresses.

No need to change email providers or your email addresses.

Super fast setup and easy to use.

You and your staff can set yourselves up in a few minutes. No training necessary.

Zero burden on those you send encrypted email to.

Your recipients don't have to sign up for anything, download anything, use a clunky portal, or do anything special at all. Unlike other solutions, ours doesn't even require an out-of-band password to be sent. If they have an email address, they already have everything they need.

No fluff.

We don't pad it with unnecessary features to justify higher pricing or add confusion.

No user minimums.

Solo practitioners and small practices welcome.

Works on all your devices and the apps are free.

Cool software for Windows, Mac, iOS, iPadOS, and Android is included.

Business Associate Agreement (BAA) included.

Just email us to get a copy of our BAA for your signature.

Super low pricing.

Only $29.99/year or $3.99/month per user.

How does SecureMyEmail work? Explain it to me as if I were just born.

The easiest way to think about it is when you send an email with SecureMyEmail, we "wrap it" in an "encrypted envelope." The email and attachments are transmitted to your recipients within this envelope.

When they receive your email, they just click on a link in the email and they can securely read it, as well as download any attachments you sent them, in their web browser. It basically looks like Gmail.

They can then click reply, add any attachments they want to send back to you, and click send. All is kept secure, encrypted, and, most importantly, HIPAA compliant!

Even better, when you receive their encrypted email back, the SecureMyEmail software will decrypt their email and attachments for you and store a copy in your Sent and Encrypted folders. You're welcome to move it to a custom folder as well.

These emails and attachments are actually saved and archived on your current email provider's servers, like all your other email, but they are fully encrypted and accessible only by you through the SecureMyEmail software. Nobody but you, not even your email provider, can read them.

Great! How can I get started and send a HIPAA compliant email right now?

  • Each user should download and install a 30-Day Free Trial of the SecureMyEmail software or mobile app on their first device.

Note: If you have lots of users, go ahead and let them set up SecureMyEmail individually on the free trial and contact our Sales Team to merge them into a single invoice if you decide to purchase.

  • Follow the simple setup instructions. Be sure to write down your "secret password" when prompted. This is key to enabling the encryption.
  • If your email provider is Google, Yahoo, Microsoft, or AOL, we have a button! Yay! Click it to sign in to your provider and setup is automatic.
  • If you have a different email provider, click "Manual/Other." We'll attempt to fill in your mail provider info, but it's good to look up your email provider's "IMAP" server settings in case you need to enter them manually.
  • If you're a manual-setup user, you'll also need your email account password.

Note: If you use iCloud, Fastmail, Zoho Mail, or some other providers, they may require an "app-specific" password that you must use instead of your usual mail password. Below are links to their pages to set one up:

  • iCloud
  • Fastmail
  • Zoho Mail (optional)

  • Once your INBOX starts to load, you can send some TEST encrypted emails. Not to be a downer, but you do have to email us for our BAA and sign it first to be "HIPAA compliant."

So, fire away but don't include any protected patient information in the email.

You should try sending them to email addresses that are NOT signed up with SecureMyEmail too as that will be the most likely case for your patients, partners, etc.

Just click COMPOSE and the software will show you the two encryption options. The default one requires NO PASSWORD for your recipients. They can easily receive and reply back to you and all is encrypted and HIPAA compliant.

If you'd like to see the entire process of the sending and receiving of encrypted email down to a microscopic level, here is a support article that breaks it all down with screenshots.

We hope you enjoy your new HIPAA compliant email!

Contact us with any questions!
