Email Pros HIPAA Email Compliance
Email Pros, Inc., an American company based in Southern California, is a hosted HIPAA-compliant email service provider for health care providers, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies, health insurance companies, hospitals, and billing services.
We are HIPAA, HITECH, and OMNIBUS Compliant!
99% of covered entities make the huge mistake of thinking they can become HIPAA Compliant by simply deploying an email encryption solution. What they fail to understand is there is a lot more to HIPAA Email Compliance than just using encryption.
Our team of Certified HIPAA Security Experts has engineered our email service from the ground up to comply with the standards of the HIPAA Privacy and Security Rules. Through training and certification we have identified 5 things a covered entity must have in order for its email communications to be fully HIPAA Compliant:
1. Access Control. Email Pros has implemented technical policies and physical procedures that restrict access to stored email messages and electronic protected health information (e-PHI) on all our servers. We operate our own servers, locked inside secured cabinets and housed in a highly secure SOC 2 Type II data center with video surveillance and round-the-clock security guards. To gain physical access to our servers, a person must surrender their photo ID, hold a keycard, and pass a biometric verification.
2. Audit Controls. Email Pros has implemented hardware, software, and procedural mechanisms to record and examine access and other activity in our information systems. We keep a log of all email activity, including user ID, date, time, sender, recipient, type of encryption, and more, for a minimum of 6 years; the Department of Health and Human Services may examine it at any time during an audit. To protect our customers from unauthorized access, we also monitor all failed login attempts, hacking activity, and password resets.
3. Integrity Controls. Email Pros has implemented policies and procedures to ensure that e-PHI is not improperly altered or destroyed. All outgoing email is DKIM-signed, and our sending domains publish SPF records, so that recipients can verify its integrity and authenticity. To protect your data, we use RAID-10, the best storage solution available. Each hard drive in our RAID-10 array has a Mean Time Between Failures (MTBF) of 1.2 million hours (137 years). It would take a catastrophic failure of 9 hard drives all at once, per server, for us to lose data. The odds are similar to the risk of being struck by lightning.
4. Transmission Security. Email Pros has implemented technical security measures that guard against unauthorized access to e-PHI while it is being transmitted over the internet. Our DNS servers use DNSSEC to protect our customers against spoofing and “man-in-the-middle” attacks. We transmit data over the internet using “military grade” protection: Transport Layer Security (TLS) 1.2 with 256-bit AES encryption. We also provide advanced features such as Secure File Link, Message Encryption, and Data Leak Prevention.
5. Business Associate. Email Pros is considered a Business Associate and provides all our customers with a Business Associate Agreement, signed by our CEO, which outlines the permitted and required uses of protected health information by us. In a nutshell, we do not access your data, period. This keeps your email private, protected, and confidential. During an audit, a Business Associate Contract from us should usually satisfy the Department of Health and Human Services.
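As an added illustration of the audit controls (item 2) and transmission security (item 4) above, the following Python script runs two checks over constructed gateway log lines: a burst of failed logins for one user, and messages that left the customer domain with no encryption recorded. This is example code, not Email Pros' own; the log format, field names, domain and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample log (assumed "<timestamp> key=value ..." format, not real
# traffic); fields mirror the page's list: user ID, date/time, sender, recipient, encryption type.
SAMPLE_LOG = """\
2024-03-01T09:00:01 user=dr.lee event=login result=ok
2024-03-01T09:05:10 user=dr.lee event=send from=dr.lee@clinic.example to=lab@partner.example enc=tls1.2
2024-03-01T09:06:00 user=dr.lee event=send from=dr.lee@clinic.example to=patient@mail.example enc=none
2024-03-01T09:07:00 user=dr.lee event=send from=dr.lee@clinic.example to=billing@clinic.example enc=none
2024-03-01T10:00:00 user=admin event=login result=fail
2024-03-01T10:00:20 user=admin event=login result=fail
2024-03-01T10:00:40 user=admin event=login result=fail
2024-03-01T10:01:00 user=admin event=login result=fail
2024-03-01T10:01:20 user=admin event=login result=fail
"""
FAIL_THRESHOLD = 5                   # failed logins per user ...
FAIL_WINDOW = timedelta(minutes=10)  # ... within this sliding window
INTERNAL_DOMAIN = "clinic.example"   # assumed customer mail domain

def parse_line(line):
    ts, *pairs = line.split()            # "<iso timestamp> k=v k=v ..."
    rec = {"ts": datetime.fromisoformat(ts)}
    for pair in pairs:
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec

def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def failed_login_bursts(records, threshold=FAIL_THRESHOLD, window=FAIL_WINDOW):
    """Users with at least `threshold` failed logins inside one `window`."""
    fails = defaultdict(list)
    for r in records:
        if r.get("event") == "login" and r.get("result") == "fail":
            fails[r["user"]].append(r["ts"])
    flagged = []
    for user, times in sorted(fails.items()):
        times.sort()
        # any run of `threshold` consecutive failures spanning <= window
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.append(user)
    return flagged

def unencrypted_external_sends(records, internal_domain=INTERNAL_DOMAIN):
    """(sender, recipient) pairs that left the domain with no encryption."""
    return [(r["from"], r["to"]) for r in records
            if r.get("event") == "send" and r.get("enc", "none") == "none"
            and not r["to"].endswith("@" + internal_domain)]
```

Internal-to-internal messages are deliberately excluded from the second check; only mail crossing the domain boundary without TLS or message encryption is reported.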