HIPAA Compliant Email
Secure Email for HIPAA Compliance is Easy to Set Up and Works Anywhere – only $7 a month!
Sending and receiving HIPAA email has never been easier! Electronic Protected Health Information is considered extremely sensitive information that needs to be protected in storage and in transmission. VM Racks offers a secure HIPAA compliant email solution that allows you to send and receive messages and attachments with any email client using your own domain. VM Racks now offers a cost-effective, fully secure, HIPAA Compliant email solution with advanced encryption technology. Account pricing is based on a 12-month commitment; however, you pay monthly and not up-front like other HIPAA email providers require.
You do need a custom domain for HIPAA Compliant Email. If you don’t have one, don’t worry, our setup includes domain management and an optional domain name registration for only $18.99 a year. In addition, you can add Domain Privacy to your Account when you click the Sign Up link below.
Need more than 100 mailboxes?
Contact us for a quick quote.
The Encryption Workflow diagram below shows how messages are encrypted at the gateway using special policy rules, preventing unauthorized access to protected data. Recipients can access and read the decrypted message by entering a one-time passcode, or simply by signing in to their account.
We know that you don’t have time to waste, which is why our support team is here to help 24/7 with any issues, questions, or concerns about our secure email solution. Whether it means walking you through setup, the seamless installation process for our Microsoft Outlook plug-in, or troubleshooting an issue you may be having with your secure account, we’re here to assist you!
VM Racks maintains the following certifications: SSAE 16 SOC 1 Type 2, SOC 2 Type 2, and SOC 3 Type 2.
HIPAA Compliance Requirements for Email Solutions
There are five (5) specific HIPAA requirements as related to email:
- Access Controls: A covered entity must implement technical policies and procedures limiting access to systems containing electronic protected health information (ePHI) only to personnel with sufficient access rights. (164.312 (a)) The Access Controls specifications include:
  - Having Unique User Identification.
  - Having an Emergency Access Procedure.
  - Having an Automatic Logoff Process.
  - Having an Encryption and Decryption Process.
- Audit Controls: A covered entity must implement software that records and examines activity in information systems that contain or use ePHI. (164.312 (b))
- Integrity: A covered entity must implement policies and procedures to protect ePHI from improper alteration or destruction. (164.312 (c)). This includes having a mechanism to authenticate ePHI.
- Person or Entity Authentication: A covered entity must implement procedures to verify a person or entity accessing ePHI is the one claimed. (164.312 (d))
- Transmission Security: A covered entity must implement technical measures to guard against unauthorized access to ePHI that is being transmitted over an electronic communications network (164.312 (e)). This includes having integrity controls and encryption.
More HIPAA Compliant Email Hosting requirements
- According to HIPAA, any company that handles medical records is considered a ‘Business Associate’ and would need to sign a Business Associate Agreement (BAA).
- VM Racks signs a BAA for all HIPAA clients.
- Using a HIPAA compliant email solution from VM Racks ensures that all emails dealing with ePHI are only accessible by entitled covered entities.
- Train and re-train your medical staff who have access to ePHI and all medical records on updated HIPAA procedures regularly.