Common Email Complaints and HIPAA-Compliance Confusion

To say “not all HIPAA-compliant email services are created equally” is a bit of an understatement. 

Cloud-based, secure email has many benefits, especially in high-security, high-compliance and high-functionality industries like dentistry. Consider that security, compliance and functionality are the primary building blocks of your practice’s email. They must all connect in a way that makes your workflow faster and simpler. Many services show you something that looks great on the surface, but lacks the infrastructure to truly improve your business. A key example is that many cloud services claim to be HIPAA compliant, but an unsettling number may only loosely meet federal law. 

Use this information to choose a secure email service that speeds up your workflow, reduces cost and provides full HIPAA-compliance protection.

It’s free and it claims to be HIPAA compliant!  Many email services offer low or no-cost service and claim compliance. Remember, you often get what you pay for. Many of these services provide only encryption as protection at the “free” level. While encryption is critical because it makes it harder to open a message traveling across the internet if a cybercriminal intercepts it, encryption alone doesn’t cut it. It’s just one of the requirements for compliance. All six of these federal requirements must be met:

  • Authenticates recipients using the DIRECT protocol
  • Controls access with auto log-offs + more
  • Transmits securely at 2048-bit encryption
  • Keeps copies of unaltered records, storing your files in highly secure, private server centers to prevent tampering
  • Provides an audit trail for every message so you can produce this immediately if audited
  • Securely stores your ePHI for six years to prevent loss, theft or damage

I thought spam was just annoying, but a nearby practice just got hacked!
Spam and phishing attacks are the primary ways cybercriminals target dental practices.  

The most secure cloud-based service will be built on the DIRECT Protocol, the federal government’s preferred standard for exchanging Electronic Protected Health Information (ePHI). This standard verifies that the sender is a nationally registered healthcare provider. DIRECT Protocol ensures that your PHI-relevant inbox contains messages only from verified providers or others you invited in. Stopping the criminals at the front door is far more effective than trying to neutralize them once they’re already inside.

I can’t attach this large imaging file!

Eliminate the “ERROR” message telling you your attachment is too big. The right service won’t restrict you to a certain size or number of files allowed in an attachment. Be sure to talk with your potential cloud service to make sure they do, indeed, offer a flexible service without file size limits, and at no additional cost.

I spend a lot of time logging in and out of various windows!

To speed up your workflow, look for a cloud-based service that integrates your regular email—Gmail, Hotmail, AOL etc.—into the same interface as your HIPAA-compliant email. That means one login shows you all email options. Want to completely say goodbye to window hopping? Integrate your single-interface, secure email into a robust, cloud-based, practice management system.

It is worth taking a few minutes to evaluate the effectiveness and compliance level of your “secure” email. The simple change to an efficient, truly-compliant email service can speed up your workflow, reduce stress and save money.

Editor's Note: iCore Exchange cloud-based, HIPAA-compliant email is a VDA Services Endorsed Partner. iCoreExchange is designed to speed up your workflow by eliminating unnecessary steps in your day and reducing the cost of doing business. Visit for special pricing and a free iCoreExchange demo, or call 888.810.7706.