Everything You Need to Know About HIPAA Compliant Email
Email communication is an essential tool for healthcare providers, but when it comes to sharing Protected Health Information (PHI), regular email systems fall short of meeting security standards. For therapists and healthcare providers, ensuring that email communication is HIPAA-compliant isn’t just a matter of best practices—it’s a legal necessity to protect patient privacy.
In this comprehensive guide, we’ll explore the essential requirements for HIPAA-compliant email, share expert insights, and help you select the right provider to ensure your practice remains fully compliant with industry standards.
What is HIPAA-Compliant Email?
HIPAA-compliant email is a secure email service that meets the strict privacy and security standards set by the Health Insurance Portability and Accountability Act (HIPAA). These email systems are specifically designed to protect Protected Health Information (PHI) from unauthorized access, ensuring that patient data remains confidential throughout transmission and storage.
In essence, HIPAA-compliant email is more than just encryption—it encompasses several critical security measures to ensure that patient data remains private and protected at all stages of communication.
Here’s what makes an email truly HIPAA‑compliant:
- Encryption in Transit and at Rest: The email’s content and attachments must be unreadable by anyone other than the intended recipient. This means that while the email travels across networks and while it remains stored, it must be safeguarded.
- Recipient Authentication and Access Control: The sender must ensure that the person receiving the email is authorized to see the PHI, and the system must control access (for example, via multi‑factor authentication or unique user IDs).
- Auditability and Traceability: The email must leave a record of who sent it, where it went, when it was opened, whether it was changed or forwarded—so any misuse or breach can be detected and investigated.
- Minimum Necessary Disclosure: Even when using email, you must only send the amount of PHI that’s necessary for the purpose. Sending more than needed increases risk and violates HIPAA’s “minimum necessary” principle.
- Business Associate Agreement (BAA): If your email service provider stores or transmits PHI on your behalf, you must have a signed agreement that obligates them to protect that PHI in line with HIPAA rules.
What Are My Options for HIPAA-Compliant Email?
When choosing a HIPAA-compliant email solution, healthcare providers generally have three options:
- Generic Email Services (with Add-Ons)
- Email Encryption Add-Ons
- Dedicated HIPAA-Compliant Email Providers
Each of these options offers different benefits and challenges, depending on the size and needs of your practice. Below, we will expand on each option to help you decide which one is the best fit for your specific situation.
1. Generic Email Services (with Add-Ons)
Many healthcare providers are already familiar with generic email services like Gmail and Outlook, which are widely used for personal and business communication. However, these services are not HIPAA-compliant out of the box. With the right configuration, they can be turned into secure email systems capable of handling Protected Health Information (PHI).
How It Works:
To use a generic email service like Gmail or Outlook in a HIPAA-compliant manner, you’ll need to upgrade to a paid business plan (e.g., Google Workspace or Microsoft 365) and then apply additional security measures such as email encryption and access controls. You’ll also need to sign a Business Associate Agreement (BAA) with the provider to ensure PHI is handled securely.
Pros:
- Familiarity: If you or your staff already use Gmail or Outlook, there’s no steep learning curve.
- Integration: These services integrate well with other tools (e.g., Google Drive, Microsoft Office), which can streamline your workflow.
- Affordability: Generic email services typically cost less than dedicated HIPAA-compliant email providers, especially for small practices.
Cons:
- Not HIPAA-compliant by default: Additional setup and paid plans are required, which can be time-consuming.
- Encryption and BAA required: You’ll need third-party encryption tools and to ensure that a BAA is signed.
- Complex Configuration: Setting up these services to be fully HIPAA-compliant can require technical expertise, and failure to configure everything correctly can put your practice at risk.
Best For:
- Small practices or solo practitioners already using Gmail or Outlook who are comfortable with setting up the necessary security configurations and have access to IT support.
2. Email Encryption Add-Ons
An alternative to switching to a completely new email provider is to add encryption to your existing system. This is particularly helpful for practices that don’t want to move away from their familiar email system but still want to ensure secure communication of PHI.
How It Works:
Encryption add-ons, such as Virtru and Paubox, integrate with services like Gmail and Microsoft Outlook to encrypt emails both in transit and at rest. Once the encryption is applied, the email content is scrambled, ensuring that only the intended recipient can read it. Most of these add-ons also support the signing of a Business Associate Agreement (BAA).
Pros:
- Simple Integration: Encryption can be added to your existing email system without the need for a full switch to another service.
- Minimal Disruption: Since you’re still using your current email provider, there’s no need to train your staff on a new system.
- BAA Support: Many encryption services offer the ability to sign a BAA, ensuring HIPAA compliance.
- Cost-Effective: Generally, encryption add-ons are more affordable than switching to a dedicated HIPAA-compliant email provider.
Cons:
- Additional Costs: While you don’t need to switch to a new email provider, you will need to pay for the add-on service, which adds to your overall costs.
- Encryption Limitations: Some email encryption tools only secure the email content, not the entire system. This means your email system might still lack some of the required safeguards.
- Possible Integration Issues: Some add-ons may not work seamlessly with all email providers, leading to compatibility issues.
Best For:
- Healthcare providers who want to maintain their current email system but need to ensure compliance by adding encryption without the hassle of a full migration.
3. Dedicated HIPAA-Compliant Email Providers
Dedicated HIPAA-compliant email providers are built specifically for healthcare practitioners who need a secure, reliable, and easy-to-use system for sending PHI. These providers offer comprehensive email security features out of the box, including encryption, audit logging, access controls, and automatic compliance with HIPAA regulations.
How It Works:
Dedicated HIPAA-compliant email services, such as Hushmail and Paubox, are designed to protect PHI from unauthorized access, ensuring your email communications are fully encrypted both in transit and at rest. These services also include features like audit logs, user authentication, and automatic encryption, all of which are crucial for HIPAA compliance. Additionally, they offer a signed Business Associate Agreement (BAA), ensuring the service provider is legally responsible for safeguarding PHI.
Pros:
- All-In-One Solution: These providers offer a fully integrated solution with all necessary security features built into the email platform.
- HIPAA-Compliance Built-In: There’s no need to configure encryption or worry about the technical aspects of compliance; everything is already set up to meet HIPAA requirements.
- Easy to Use: These providers are designed for healthcare practices, so they prioritize ease of use, with intuitive interfaces and minimal setup.
- Reliable Support: Dedicated HIPAA-compliant providers often offer robust customer support tailored to healthcare practices, making it easier to get assistance if needed.
Cons:
- Higher Cost: Dedicated HIPAA-compliant providers tend to be more expensive than using a generic email provider with add-ons, especially for smaller practices.
- Less Flexibility: You may not have as much freedom to integrate these services with other non-healthcare tools or platforms as you would with generic providers.
- Migration Overhead: If you’re switching from a generic email system, migrating to a dedicated HIPAA-compliant service may involve some initial setup time.
Best For:
- Practices looking for a comprehensive, reliable solution that is easy to implement and maintain. Ideal for healthcare providers who prefer a hassle-free, dedicated solution for secure email communication.
How to Create HIPAA-Compliant Email
Regular email services simply don’t have the security measures needed to protect patient data. To help you understand how to make your email system HIPAA-compliant, we’ve broken the process down into simple, actionable steps that you can implement right away.
Step 1: Choose a HIPAA-Compliant Email Service
The first step to creating a HIPAA-compliant email system is selecting an email service that offers the security features necessary for compliance. HIPAA requires that you protect PHI when it’s sent electronically, and encryption is the key to making sure patient data remains safe during transmission.
- Encryption: This means the contents of your emails are scrambled into unreadable data as they travel over the internet. Only the intended recipient can decrypt and read them. The email service you choose should offer end-to-end encryption, so that email is protected both in transit (on its way to the recipient) and at rest (once it’s stored on the email provider’s servers). This ensures that no one else can access your patients’ data during transit or while it’s stored.
- Business Associate Agreement (BAA): Once you’ve chosen your email provider, you’ll need to sign a Business Associate Agreement (BAA). This agreement is a legal contract that outlines how the email provider will help protect PHI according to HIPAA standards. The provider agrees to ensure that their systems and practices meet the necessary privacy and security requirements.
Step 2: Enable and Configure Security Settings
Once you’ve selected your provider and signed the BAA, you’ll need to make sure your email system is set up to provide the maximum protection for PHI. This involves enabling several security settings that ensure both your emails and the systems they run on are secure.
- Enable Automatic Encryption: Set up automatic encryption for all outgoing emails. This ensures that every email containing PHI is automatically encrypted, without you needing to take extra steps each time you send a message. Some email services allow you to configure this feature to apply to all emails, ensuring that no PHI is sent unsecured.
- User Authentication: It’s important to restrict access to your email system. Set up strong user authentication, such as two-factor authentication (2FA), which adds an extra layer of security. This means even if someone tries to access your email account, they’ll need to provide a second form of verification (like a code sent to their phone) in addition to their password.
- Session Timeouts: To prevent unauthorized access if a computer is left unattended, set up automatic logouts after periods of inactivity. For example, if you’re away from your computer for 15 minutes, the system will log you out automatically. This helps keep PHI safe from anyone who might try to access your computer while you’re not around.
- Audit Logs: You should be able to track every action in your email system with audit logs. These logs show when emails were sent, when they were opened, and who accessed them. This is important for identifying any unauthorized access or any unusual activity, and it’s a requirement under HIPAA for maintaining security over PHI.
Step 3: Train Your Team on Secure Email Practices
No matter how good your email system is, the people using it are just as important. To maintain HIPAA compliance, you must train your staff to understand how to handle PHI securely in emails.
- When to Use Secure Email: Teach your team the difference between secure email (which is used to send PHI) and regular, non-sensitive email. Make sure they know when it’s necessary to use encryption and when it’s okay to send information through regular, unencrypted channels.
- Properly Sending Encrypted Emails: Everyone needs to know how to send encrypted emails. This could mean understanding how to manually encrypt emails when needed or knowing how to use a secure email service that automatically encrypts messages.
- Recognizing PHI: Ensure that your team can identify what constitutes PHI. This includes not just medical records but also anything that can identify a patient—such as names, addresses, social security numbers, and even billing information. They should be trained to treat all PHI with care, especially when communicating via email.
- Email Security Policies: Establish clear guidelines for your team on how to securely use email. This includes steps like always double-checking email addresses before sending PHI, using secure attachments, and knowing how to properly respond if they accidentally send an email to the wrong person.
Step 4: Establish Clear Email Policies
Now that your team is trained, you need to put your practices into writing. Clear policies and procedures help everyone in your practice stay on the same page when it comes to handling PHI through email.
- Which Information Requires Secure Email: Write guidelines on which types of patient information need to be sent via secure email and which don’t. For example, sensitive treatment records or diagnosis details should always be sent securely, while less sensitive information (like appointment reminders) can be sent via regular email.
- Handling PHI in Emails: Create a step-by-step process for how to securely handle and send PHI. This could include a checklist for sending secure emails, using encrypted attachments, and reviewing emails before sending them.
- Incident Response Procedures: In case an email with PHI is sent to the wrong person or intercepted, you need a clear action plan. Train your staff on what steps to take immediately, such as contacting the unintended recipient, asking them to delete the email, and reporting the incident to your practice’s security officer.
Step 5: Perform Regular Security Audits and Updates
HIPAA-compliant email isn’t a one-time setup—it requires ongoing maintenance. To stay compliant, you’ll need to regularly audit your email system and ensure your policies are up to date.
- Conduct Regular Audits: Perform periodic audits of your email system to identify any vulnerabilities or areas where security could be improved. This includes reviewing encryption settings, checking user activity logs, and making sure your team is following best practices.
- Stay Up-to-Date: Keep your email software and security settings updated to protect against new threats. Email systems, like any software, can have vulnerabilities that need to be patched. Set up automatic updates whenever possible, and stay informed about any changes in HIPAA regulations or security standards.
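One check that fits the "reviewing encryption settings" part of an audit is to read the `Received` headers of a delivered message and confirm which relay hops actually used TLS. The following is an added example, not code from this guide or from any provider named in it; the sample message, hostnames and function names are constructed for illustration.

```python
import email
import re

# "with" protocol keywords from the IANA Mail Transmission Types registry
# (RFC 3848, RFC 6531). A trailing S or SA means the hop negotiated TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
PLAINTEXT_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA",
                       "UTF8SMTP", "UTF8SMTPA", "UTF8LMTP", "UTF8LMTPA"}

# Constructed sample: three hops, the middle one without TLS.
# Hostnames and addresses are placeholders from documentation ranges.
SAMPLE_MESSAGE = """\
Received: from mx.clinic.example (mx.clinic.example [192.0.2.10])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by inbound.patientmail.example (Postfix) with ESMTPS id 4F1A2
    for <sarah@patientmail.example>; Tue, 04 Mar 2025 10:15:03 +0000
Received: from relay.legacy.example (relay.legacy.example [192.0.2.20])
    by mx.clinic.example (Postfix) with ESMTP id 9B7C1;
    Tue, 04 Mar 2025 10:15:01 +0000
Received: from frontdesk-pc (unknown [198.51.100.7])
    by relay.legacy.example (Postfix) with ESMTPSA id 77D02;
    Tue, 04 Mar 2025 10:15:00 +0000
From: Dr. Johnson <johnson@clinic.example>
To: sarah@patientmail.example
Subject: Follow-up on Today's Session

(body omitted)
"""


def strip_comments(value):
    """Drop RFC 5322 comments, including nested ones, and collapse whitespace.

    Without this, a comment such as "(using TLSv1.3 with cipher ...)" would
    be mistaken for the header's real "with <protocol>" clause.
    """
    kept, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        elif depth == 0:
            kept.append(ch)
    return " ".join("".join(kept).split())


def parse_received(value):
    """Return sender, receiver, protocol and TLS status for one Received header."""
    cleaned = strip_comments(value)
    # Everything after the last ";" is the timestamp, not a clause.
    text = cleaned.rpartition(";")[0] or cleaned

    def clause(keyword):
        match = re.search(r"\b%s\s+(\S+)" % keyword, text, re.IGNORECASE)
        return match.group(1) if match else None

    protocol = (clause("with") or "").upper()
    if protocol in TLS_PROTOCOLS:
        status = "tls"
    elif protocol in PLAINTEXT_PROTOCOLS:
        status = "plaintext"
    else:
        status = "unknown"  # e.g. HTTP, local delivery, or no "with" clause
    return {"from": clause("from"), "by": clause("by"),
            "protocol": protocol or None, "status": status}


def audit_hops(raw_message):
    """List the hops in the order the message travelled (oldest first)."""
    msg = email.message_from_string(raw_message)
    headers = msg.get_all("Received") or []
    # Each relay prepends its header, so the newest hop is first in the file.
    return [parse_received(h) for h in reversed(headers)]


def plaintext_hops(raw_message):
    """Return (from, by) pairs for every hop that did not use TLS."""
    return [(h["from"], h["by"]) for h in audit_hops(raw_message)
            if h["status"] == "plaintext"]


if __name__ == "__main__":
    for hop in audit_hops(SAMPLE_MESSAGE):
        print(f'{hop["status"]:<9} {hop["from"]} -> {hop["by"]} ({hop["protocol"]})')
```

Only the `Received` lines added by servers you control are reliable, because earlier relays can write anything into theirs. The check also covers transit only and says nothing about how the message is stored at either end.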
Examples of HIPAA-Compliant Emails
Understanding what HIPAA compliant emails look like in practice can help you implement them correctly in your practice.
Example 1: Basic Encrypted Email with Disclaimer
Subject: Follow-up on Today’s Session – Encrypted
Email Body:
Dear Sarah,
I hope you’re feeling better after our session today. As discussed, I’m sending you the worksheet we reviewed, along with some additional resources that might be helpful.
Please remember to practice the breathing techniques we covered, and don’t hesitate to reach out if you have any questions before our next appointment on Thursday.
Best regards,
Dr. Johnson
—
CONFIDENTIALITY NOTICE: This email contains confidential health information protected by HIPAA. It is intended only for the named recipient. If you received this email in error, please notify the sender immediately and delete this message.
What makes this compliant:
- The email is sent through an encrypted email service
- A BAA is in place with the email provider
- The subject line indicates the email is encrypted
- A confidentiality notice is included
Example 2: Email with Secure File Attachment
Subject: Lab Results – Secure Attachment
Email Body:
Dear Michael,
Your recent lab results are ready for review. I’ve attached them to this secure email for your convenience.
The results show improvement in several areas we discussed. I’d like to schedule a follow-up appointment to go over them in detail and adjust your treatment plan accordingly.
Please call our office at (555) 123-4567 to schedule your next visit.
Warm regards,
Dr. Smith
—
This message and any attachments contain confidential health information protected under HIPAA regulations.
Compliance features:
- Encrypted email service with BAA
- Secure file attachment that’s also encrypted
- Clear identification of confidential content
- Professional, appropriate communication
The key difference between these examples and regular email is the underlying security infrastructure—encryption, audit trails, and proper access controls that protect the information throughout its journey.
Top Email Providers for HIPAA-Compliant Emails
| Provider | Best For | Key Features | Starting Price* | Free/Demo | Compliance Certifications | Customer Support |
| --- | --- | --- | --- | --- | --- | --- |
| Paubox | Mid‑to‑large practices | Automatic encryption of outbound & inbound emails, BAA | ~ $30/month per user (approx) | “Start for free / Talk to sales” indicated | HITRUST CSF certified | U.S.‑based support; focus on healthcare workflows |
| Virtru | Teams using Gmail/Outlook workflows | End‑to‑end encryption, revoke access, audit logs, BAA | ~ $119/month for 5 users | Demo booking available | FedRAMP / NIST SP 800‑53 compliance mentioned | Online support; strong enterprise support presence |
| Hushmail | Solo practitioners / small clinics | Encrypted email + secure forms and e‑signatures, BAA | From $11.99/month (1 user) | 14‑day free trial available | HIPAA‑compliant healthcare plan; exact certs vary | Email & call‑back support, strong for smaller practices |
| LuxSci | Larger organizations needing scale | Highly customizable encryption, secure messaging, large volume support | Custom pricing (~$50/month base) | Free trial mentioned in broader review | Enterprise‑grade compliance noted; details vary | Enterprise‑level support expected but varies |
| MailHippo | Budget‑conscious small practices | Encryption, BAA, simple setup with existing email platforms | From roughly $4.95/month per user | Entry tier free/low‑cost option (industry review) | Basic HIPAA compliance features; verify specifics | Basic support; cost‑effective option |
| NeoCertified | Small/medium practices wanting all‑in‑one solution | Secure portal, encryption of attachments, BAA | ~ $99/year per user (as noted) — review found | Trial or demo may be available (check vendor) | HIPAA‑friendly; review showing “easy to use, affordable” | Customer feedback positive for ease of use |
| Aspida Mail | Smaller healthcare providers | Automatic encryption, secure portal, BAA included | Custom pricing (quote required) | Request quote / demo likely | HIPAA‑compliant marketing indicates BAA support | Support tailored for smaller practices |
1. Paubox
Paubox is a leading choice for HIPAA-compliant email services, especially for healthcare providers who want seamless email encryption without interrupting their current email workflows. It’s designed to integrate easily with popular email systems like Google Workspace and Microsoft 365, offering end-to-end encryption, security features, and ease of use that don’t require any extra steps for the user.
Key Features
- Automatic Encryption: All emails, including attachments, are encrypted automatically, with no action needed from the sender. This makes Paubox incredibly user-friendly.
- HIPAA-Compliant Inbound Email: It provides a secure inbox for receiving encrypted emails from others, making it a complete solution for email security.
- Business Associate Agreement (BAA): Paubox offers a signed BAA, which is required under HIPAA for any service provider you work with that handles PHI.
- 24/7 Support: Paubox has strong customer support to help guide users through any issues they may encounter.
Pricing: Starting at $30/month for a single user with basic features. Paubox also offers tiered pricing based on the number of users, with more features available at higher price points.
2. Virtru
Virtru stands out because it allows you to add encryption to your existing email system, such as Gmail and Microsoft Outlook, without needing to switch to a separate platform. Virtru integrates seamlessly with those services while providing strong encryption and control over email content, making it ideal for teams that are already using these common email providers.
Key Features
- End-to-End Encryption: Encrypts emails automatically as they are sent, ensuring that only the recipient can decrypt and view the content.
- Email Control: With Virtru, you can control who has access to your emails, revoke access at any time, and track when an email is opened.
- No Need to Change Email Providers: Virtru works with your existing email systems, so there’s no need to disrupt your current setup.
- BAA Support: Virtru offers a signed Business Associate Agreement (BAA), ensuring your PHI is protected in compliance with HIPAA.
- User-Friendly: It integrates directly with Gmail and Outlook and uses an easy-to-use, one-click interface for encrypting emails.
Pricing: $119/month for a single user, with more advanced plans available for organizations that require more robust features like team management and audit tracking.
3. Hushmail
Hushmail has been a trusted provider for HIPAA-compliant email services for years. It’s especially popular with solo practitioners and small practices, offering a simple, user-friendly interface, secure email features, and built-in e-signature functionality.
Key Features
- Built-in Encryption: Hushmail automatically encrypts both incoming and outgoing emails.
- Secure Forms and E-Signatures: In addition to secure email, Hushmail offers secure forms and e-signatures to collect PHI and have patients sign documents securely.
- Easy-to-Use: Known for its intuitive interface, Hushmail doesn’t require users to be tech-savvy to start sending secure emails.
- BAA Included: Hushmail offers a signed Business Associate Agreement, ensuring that your emails meet HIPAA’s standards for confidentiality.
- Two-Factor Authentication: For added security, you can enable two-factor authentication to prevent unauthorized access to your account.
Pricing: Starting at $11.99/month for a single user. Hushmail offers a range of plans depending on the number of users and features you need. The healthcare plan is best for practitioners who need HIPAA-compliant email, secure forms, and e-signatures.
4. LuxSci
LuxSci is a great option for larger practices or healthcare organizations that need advanced, customizable features. It provides enterprise-level email security with robust encryption options, secure messaging, and high scalability.
Key Features
- Customizable Security Options: LuxSci allows you to customize your security settings, offering a wide range of encryption and protection options to suit your needs.
- Email and Secure Messaging: Along with HIPAA-compliant email, LuxSci offers secure messaging services, which is ideal for healthcare teams who want to communicate both internally and with patients securely.
- BAA: LuxSci provides a signed Business Associate Agreement and is fully compliant with HIPAA.
- Support for High-Volume Email: Perfect for larger organizations, LuxSci can handle a high volume of encrypted emails, which is important for practices with many clients or departments.
Pricing: Starting at $50/month, but pricing can increase significantly based on the number of users, storage needs, and the level of encryption or additional features required. LuxSci offers custom pricing based on your specific needs.
5. MailHippo
MailHippo is one of the most affordable options for small practices and therapists looking for HIPAA-compliant email without breaking the bank. Despite its lower cost, it offers encryption, a BAA, and easy integration with existing email systems.
Key Features
- Email Encryption: Automatic email encryption for all outgoing messages containing PHI.
- Simple Setup: Known for being easy to use, MailHippo integrates directly with Gmail, Outlook, and other common platforms.
- BAA: Offers a signed Business Associate Agreement to ensure full HIPAA compliance.
- Web-based Secure Portal: Patients and clients can securely access emails and attachments via a web portal.
Pricing: Starting at $4.95/month per user for basic features, with additional features (e.g., more storage, larger attachments) available at higher price points.
6. NeoCertified
NeoCertified stands out for its secure, integrated approach to email and document management. It’s ideal for small to medium-sized healthcare practices that want an easy-to-use, all-in-one solution for sending HIPAA-compliant emails.
Key Features
- Secure Email Encryption: NeoCertified automatically encrypts all emails, including attachments, ensuring PHI is protected.
- Secure Portal: Provides a secure portal where clients can view encrypted messages and upload documents securely.
- BAA: A signed Business Associate Agreement is provided, ensuring HIPAA compliance.
- Custom Branding: Offers custom branding options, so you can tailor the service to fit your practice’s needs.
Pricing: Starting at $99/year per user, with volume discounts available for larger practices.
7. Aspida Mail
Aspida Mail is a user-friendly, affordable solution for smaller healthcare providers. It provides secure email with the added benefit of secure communication tools, including the ability to securely send and receive sensitive documents.
Key Features
- Automatic Encryption: Automatically encrypts emails containing PHI, ensuring they are secure during transmission.
- Secure Portal: Offers a secure portal for both sending and receiving PHI, making it easy for patients to access their records.
- BAA: Aspida Mail includes a Business Associate Agreement, ensuring your PHI is protected in compliance with HIPAA.
- Simple Setup: Designed to be easy to implement, even for practices with limited tech resources.
Pricing: Aspida Mail offers custom pricing based on your practice’s size and needs. Contact them for a quote.
FAQs: HIPAA Compliant Email
- Can I use regular email (e.g., Gmail or Outlook) to send patient information?
Yes—but only if your setup meets key safeguards. You need encryption, audit logs, strong access controls and a signed Business Associate Agreement (BAA) with your provider.
- What makes an email service “HIPAA‑compliant”?
It means the service supports protection of Protected Health Information (PHI) by ensuring confidentiality, integrity and availability of ePHI, offers access and transmission controls, and the vendor will sign a BAA.
- Do I always need to encrypt emails I send to patients?
In most cases yes, particularly if you’re transmitting PHI. Encryption during transit and at rest is a best practice—and often necessary to meet the “reasonable safeguards” standard.
- Is a disclaimer at the bottom of an email enough to make it HIPAA‑compliant?
No. A disclaimer helps notify recipients, but it does not substitute for encryption, access controls, audit tracking and other security safeguards.
- What is a Business Associate Agreement (BAA) and why is it important for email providers?
A BAA is a contract between you (a covered entity) and your service provider (business associate) that outlines how the provider will protect PHI. Without it, you may not meet HIPAA requirements.
- What do I have to include in my email security settings to be compliant?
Key settings include: automatic encryption of messages, multi‐factor authentication for access, automatic session timeouts, audit logging, and enforced access controls.
- Can I send PHI via email if the patient has agreed to receive unsecure email?
It’s possible, but risky. If a patient opts in to unsecure email, you should document their consent, explain the risks, and still apply as many safeguards as possible.
- Which emails exactly need to be secure?
Any email containing PHI must be safeguarded. If an email does not contain PHI, and you’re sure it won’t identify a patient, the stricter safeguards may not apply—but it’s often safest to treat all patient‐related emails as if they do.
- Are patient portals a requirement for HIPAA‑compliant email?
Not necessarily—but many secure email systems use a portal model for recipient access. What matters is that PHI is protected in transit and at rest, and only authorized recipients can access it.
- What are the risks if my email system isn’t HIPAA‑compliant?
Major risks include patient PHI breaches, regulatory fines, damage to your practice’s reputation, and potential legal liability. Recent email‐related breaches have resulted in large settlements.
- How often should I review my email policies and security settings?
Regularly—ideally at least annually, or whenever there is a change in technology or your practice’s workflow. Ongoing audits help maintain compliance.
- What should I train my staff to do regarding email communications?
Staff should know when to use encrypted email, how to verify recipients, how to handle email attachments securely, how to report an incorrect send, and the basics of PHI definition.
- Can I rely on just TLS (transport layer security) encryption?
TLS helps protect email in transit, but it may not cover encryption at rest or ensure full control over messages once delivered. A fully compliant solution typically offers deeper encryption and policy controls.
- Does HIPAA require me to keep every email forever?
HIPAA requires covered entities to retain certain records for up to six years in many cases. That means your email retention and archiving policies must support that timeframe if they include PHI.
- If a patient sends PHI without encryption, am I automatically violating HIPAA?
Not always. If a patient initiates communication by email, you may proceed—but you must ensure your system has safeguards in place and you’ve documented risk and consent when appropriate.
Final Thoughts
Remember, implementing HIPAA compliant email is an ongoing responsibility that requires proper setup, staff training, and regular monitoring. Take time to evaluate your current email practices, choose a provider that meets your specific needs, and establish clear policies for your team. Your patients’ privacy and your practice’s compliance depend on getting this right.
Ready to secure your email communications? Start by reviewing the providers we’ve outlined, request demos from your top choices, and ensure any provider you select is willing to sign a Business Associate Agreement. Taking these steps today protects both your patients and your practice for the future.