Posted February 25, 2019
Methods for sharing protected health information (PHI) have long been in need of improvement. Even with the maturation of electronic health records, the paths for exchanging and submitting data have not kept up with industry expectations for privacy and convenience. The usual alternatives to email – including patient portals, faxes and traditional postal mail – are often cumbersome, clumsy and simply inefficient. They provide little benefit to either the practice or the patient. Encrypted email, on the other hand, works very well.
Email is ubiquitous. It’s everywhere, used by billions of people per day. Even if your practice is not a fan of using email to communicate regularly with patients, you should know that email is considered the gold standard of accessibility and business efficiency. The best care often starts with compromise. Not on principles or practice, but in providing the best care possible by meeting patients where they are – on their phones and computers. For leading businesses and world-class practices, it is necessary to meet your patients on their terms. Email is where these terms begin. Email cannot be ignored, nor overlooked as a vehicle for engaging patients in their care.
The heart of email
The value of email is in the data attached to it, primarily in files and other attachments where sensitive data usually lives. Email often gets forwarded and saved on devices, which can make information upon them harder to protect. The most important takeaway here for dental practices is that the biggest threat comes from the files within the emails, not just the text within the messages.
The solution is simple: encryption. In essence, encryption “scrambles” the data within your messages and attachments making them only legible by intended users. The use of encrypted email solutions gives your practice one more tool to help maintain compliance with HIPAA. Encryption secures the data within the entire message, including voice recordings, X-ray images, intake forms, and other patient information.
Email encryption solutions are available and simple to use, even if your practice is not tech savvy. The best-encrypted email solutions integrate with your existing email services to improve your workflows and bolster compliance. Even with an encrypted email solution, you are still able to draft, attach and click the “send” button. In other words, encrypted solutions do not interfere with the ease of use or the efficiency of using your normal email.
Encryption means applying protections that “follow” the electronic file no matter where it ends up, and no matter who the receiver is. All message components and attachments are encrypted and protected so only the receiver is able to view the message. File-based encryption also eliminates the threats associated with mistakenly entering the wrong e-mail address.
When evaluating encrypted email solutions, the following are a few points to consider:
Demand 128-bit HTTP over SSL and 256-bit AES encryption. Although these numbers and letters might not mean much to you, having them means that your email encryption service is of the highest caliber, and your information safer. Do your research and be sure that whatever solution you’re looking at has two layers of encryption for maximum data protection.
Encrypted email solutions should integrate with your current practice technology. It’s essential to ensure that your encrypted email solution works with your current email solution. It shouldn’t slow down your practice and its interactions with patients and business partners. If it does, there are no efficiency gains and the purpose of using email in your practice may be moot.
Create a safety net for mistakes. Emails sent to the wrong address can be costly from a HIPAA violation and fine perspective. Errant emails are sent frequently, therefore, your encrypted email solution should be able to help prevent mistakes by providing the ability to revoke access if the wrong recipient receives a message.
Flexibility with your encryption. There’s no need to treat all information equally and no need to encrypt every email you send, but in a practice, you may want to do so. In fact, in the business and practice setting, it’s a good idea to encrypt every communication sent from the office to patients and other providers. Even the most mundane communication could contain Protected Health Information (PHI) that requires protection. The point here is that encryption should not get in the way of your communication efforts; it should support them. Having the ability to easily encrypt information is key.
The bottom line, email is everywhere and that will not change any time soon. In our tech-driven society, it’s likely your best chance at reaching patients. If you choose to use email to communicate with your patients and referring providers, you need to employ a solution that protects the data entrusted to your practice, and you need to do so as efficiently as possible. The technology is available and is yours to use, but you must use it smartly to ensure your messages remain secure and encrypted so as not to put your patients, providers or employees at risk.