Secure, HIPAA-Compliant Email

HIPAA Compliant Email Where Big Attachments are No Big Deal.™

Speed up the way you share patient records. There’s no need to split large image files across multiple emails, send through snail mail or transfer to costly CDs. Just compose, drag, drop, and hit send.  Done. It's the easiest, safest and fastest way to get over your attachment issues and gain freedom in your clinical workflow.  

And, in a time when cybercrime, ransomware and phishing are more and more invasive, you need iCoreExchange’s fully HIPAA-compliant, cloud-based email to protect your patient and practice data whether it’s sitting in your inbox or sending to anyone else’s inbox.

  • Say goodbye to attachment issues. Unlike others, iCoreExchange lets you attach as many files as you want to any email with no size limits. Send your biggest X-rays and images all day long
  • Don’t be Phish Bait. Cybercriminals target emails to steal information and hold practices for ransom. No iCoreExchange email has been spammed or phished. Ever!
  • Skip after-hours trips to the office. Review and send patient records securely from anywhere, anytime. iCoreExchange is cloud-based, so your location doesn’t matter
  • Keep your “fax” straight. There are too many ways that faxing leads to straight-up HIPAA violations. The guaranteed legal way to send PHI is through fully HIPAA-compliant email
  • Who are you referring to? iCoreExchange has a built-in referral network so you have instant access to qualified providers. Give referrals. Get referrals. Stay connected

Member Benefit Information:

VDA members receive a 35% discount off the regular monthly price.  That’s only $22.50 per month per provider.

Check out iCoreExchange. Book a live online demo.

Articles from iCoreExchange

Three HIPAA Compliance Actions You Should Take Right Now

Learn about three direct steps you can take now to reduce the risk your practice could be fined and publicized as a HIPAA violator.

Most providers today know HIPAA places certain standards on practices in order to keep patient data safe, and failure to comply with these safeguards results in corrective actions and large fines.  Just one compromised medical record can cost a practice $50,000.[1]  In this article, we will name three direct steps you can take now to reduce the risk your practice will be fined and publicized as a HIPAA violator.


First, a quick review: HIPAA (or the Health Insurance Portability and Accountability Act of 1996) was designed to safeguard the Protected Health Information (PHI) of patients.  The continued goal is to keep patients’ PHI absolutely private, safe from data thieves and data loss. 

HIPAA requires providers to ensure the secure storage and transmission of patient information in order to promote the best care and privacy possible.


Many providers focused on running their practices have not had the opportunity to sort through HIPAA regulations with the fine-toothed attention required to achieve compliance.  They also have long-held workflows reliant on non-compliant technology and record systems.  The perceived cost, both financially and functionally, of achieving HIPAA compliance can seem daunting, so there are many practices who take the heavy risk of continuing business as usual.


There are a few immediate actions you can take now to move toward HIPAA compliance with minimal upfront cost or interruption in workflow.

1. Move your data to the cloud

If you rely on an on-site server to store all your patient data—or if someone from your team is carrying a backup hard drive to and from the office every day—moving your data to the cloud is one of the most immediate ways to save money, time and worry.

When your data is in the cloud, it’s stored at multiple high-security data centers.  Because it’s backed up at more than one center, no single disaster (such as a fire or flood) can wipe out your patient data.  Importantly, you won’t need a backup hard drive that may end up in the hands of data thieves.

Consider what happened at Washington State University in 2017.  According to the HIPAA Journal[2], a hard drive containing the identifiable information of more than 1 million research participants, including social security numbers, was stolen despite being locked in a safe (also stolen).  The estimated cost of the breach was $245 for each exposed record.  That’s one expensive hard drive.

Not only does storage in the cloud protect your data, it can improve the efficiency of your practice.  When you move to a cloud-based Electronic Health Record (EHR) system, you’re not bound by the size or space constraints of having a server tower live at your practice.  You can even access patient data from other locations via your laptop or smartphone.

Using the cloud to store and back up your data is actually very cost efficient as well, often far less expensive than traditional backup systems.

2. Stop sharing PHI via Gmail, Yahoo! or Outlook

A huge portion of HIPAA violations, resulting in the largest fines, stem from attacks on non-secure emails containing PHI.  These hacking and phishing attacks on emails are so frequent and successful because:

  • Data thieves can execute them remotely, so they’re harder to track down
  • When undiscovered, hacking/phishing can go on in perpetuity, continually mining PHI and increasing the inevitable HIPAA penalties
  • Many email services that claim to be HIPAA compliant are not actually compliant unless used in a very narrow, unrealistic way. Data thieves rely on this false sense of security

In 2018, Anthem, Inc., a nationwide health benefits company, paid $16 million[3] to the federal government after falling victim to the largest U.S. health data breach in history.  The cyber criminals made off with the PHI of almost 79 million individuals, from names and social security numbers to medical ID numbers and employment information.

How did this happen?  The “cyber-attackers had infiltrated their system through spear phishing emails” and “at least one employee responded to the malicious email and opened the door to further attacks.”[4] 

First, educate your team to never click on links or respond to emails that seem even vaguely suspicious or unsolicited.  And never, ever send PHI through Gmail, Yahoo! or Outlook, etc., as it is very easy to unwittingly commit a HIPAA violation through these and other popular services.

Second, your email service has to fulfill five federal technical safeguards to actually be HIPAA-compliant:

  • Transmission security: messages and attachments must be encrypted
  • Authentication: verifies that the people seeking access to ePHI are who they say they are
  • Access control: logins must be secure, and an auto-logoff implemented
  • Audit control: an audit trail of all messages must be available for at least six years
  • Integrity: all data must be backed up securely with redundancy

Does your email fulfill all five?  If it falls short of even one safeguard—that’s a violation of the law.  Take the key step of adopting a fully HIPAA-compliant email right away.

3. Conduct a Risk Analysis to See Where Else Your Practice is Compromised

Moving to a secure cloud-based EHR service and fully HIPAA-compliant email are guaranteed solutions against a huge number of electronic HIPAA violations. 

However, there are more steps to take to be fully protected, and the process gets a little trickier here.  As every practice functions differently, there is no one-size-fits-all solution for perfect compliance on every level (including human error).  Everything from the angle of a computer monitor, failure to log out of secure portals when away from the desk, unlocked doors and data stored unwittingly on the hard drive within a fax machine can result in possible HIPAA violations.  Did you know that many fax machines indefinitely store copies of everything they receive/transmit?  That makes a fax machine a major liability.

Knowing every in and out of HIPAA law takes time and study.  That’s why you should invest in a qualified professional to come to your practice and assess every aspect of how PHI is handled and stored.  They will find and offer solutions to correct any aspects of practice activity currently putting PHI at risk. 

Upfront costs for these services vary, but one thing is certain: achieving compliance now will cost you far less than a HIPAA settlement.

For more information about HIPAA compliance and PHI security, call iCoreConnect at 888-810-7706, visit or  iCoreConnect’s HIPAA-compliant email service (iCoreExchange) encrypts data at the highest levels, and securely stores PHI.  iCoreExchange is endorsed by VDA Services and meets or exceeds all of the government’s five technical safeguard laws for HIPAA compliance.