Simple Guide to HIPAA Compliant Email & Forms


Why HIPAA Compliant Emails?

For doctors, ordinary email is not a secure channel. Messages are stored in plain text on every mail server they pass through, encryption between servers is negotiated opportunistically and silently dropped when the other side does not support it, and a professional conversation about a diagnosis or treatment can be read by anyone who gains access to a mailbox, a server, or a backup along the way.


  • HIPAA Fines Can Reach $1.5 Million a Year per Violation Category
  • HIPAA Compliance Is Audited, and Complaints or Breaches Trigger Investigations
  • The Chance of a Breach of Patient Information Is Real
  • The Cost of a HIPAA Compliant Email Service Is Low

How It Works

When the Health Insurance Portability and Accountability Act (HIPAA) came into law in 1996, it required physicians, dentists, and other healthcare providers, as "covered entities", to protect the security and privacy of their patients' health records. The Privacy Rule and Security Rule that followed spell out what that means for electronic protected health information (ePHI), including its transmission over an open network such as the internet (the Transmission Security standard, 45 CFR 164.312(e)).

The law permits electronic transfers of health information and does not forbid email as such, but email carrying protected health information (PHI) is only permissible with appropriate safeguards in place. The Security Rule requires a covered entity to perform its own risk analysis (45 CFR 164.308(a)(1)) and to protect ePHI in transit; encryption is an "addressable" specification, which means a practice must either implement it or document why an equivalent alternative is reasonable, not that it may be skipped. Since the 2013 Omnibus Rule, business associates are directly liable as well, so any email or form vendor that stores or transmits PHI on your behalf must sign a business associate agreement (BAA). In practice that means encryption in transit (TLS between mail servers and clients, not just a certificate on your website), encryption of stored messages, access controls and audit logging. HHS guidance also allows a provider to email a patient who has asked for it, provided the patient has been told of the risk of unencrypted email and the provider applies reasonable safeguards.
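The transmission-security point above is easy to get wrong in code: most mail libraries fall back to clear text when a server does not offer STARTTLS. The following is an added example, not code from the original article or from any email vendor, showing how to turn that silent downgrade into a hard failure. The fake SMTP server at the bottom is constructed for the demonstration and stands in for a legacy server that never advertises STARTTLS; the hostnames and addresses are placeholders.

```python
"""Refuse to send mail unless the first hop is protected by verified TLS.

Added example (not from the original article). smtplib will deliver a
message in clear text when a server does not advertise STARTTLS; this wrapper
turns that silent downgrade into an error. The fake SMTP server below is a
constructed stand-in for a legacy server that never offers STARTTLS.
"""
import smtplib
import socket
import ssl
import threading
from email.message import EmailMessage


class TLSRequiredError(RuntimeError):
    """Raised when a message would otherwise leave the host unencrypted."""


def build_message(sender, recipient, subject, body):
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_with_required_tls(host, port, msg, timeout=5.0):
    """Deliver msg only over STARTTLS with a certificate that chains to the
    system trust store and matches `host`. Returns the negotiated TLS version.
    """
    ctx = ssl.create_default_context()            # CERT_REQUIRED plus hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1
    with smtplib.SMTP(host, port, local_hostname="localhost", timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise TLSRequiredError(
                f"{host}:{port} does not advertise STARTTLS; refusing to send in clear text")
        smtp.starttls(context=ctx)  # raises ssl.SSLCertVerificationError on a bad cert
        smtp.ehlo()                 # re-EHLO after the upgrade, as RFC 3207 requires
        smtp.send_message(msg)
        return smtp.sock.version()


def attempt_delivery(host, port, msg):
    """Report the outcome as a dict instead of raising, for callers that log."""
    try:
        return {"sent": True, "tls": send_with_required_tls(host, port, msg)}
    except TLSRequiredError as exc:
        return {"sent": False, "reason": str(exc)}
    except ssl.SSLError as exc:
        return {"sent": False, "reason": f"TLS failed: {exc}"}


def start_cleartext_only_smtp_server():
    """Constructed fake server: greets, answers EHLO without STARTTLS, accepts QUIT.
    Returns (host, port); serves connections on a daemon thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn, conn.makefile("rb") as lines:
                conn.sendall(b"220 legacy.example ESMTP\r\n")
                for raw in lines:
                    cmd = raw.decode(errors="replace").strip().upper()
                    if cmd.startswith(("EHLO", "HELO")):
                        # No STARTTLS in the capability list: a clear-text-only server.
                        conn.sendall(b"250-legacy.example\r\n250 SIZE 10240000\r\n")
                    elif cmd.startswith("QUIT"):
                        conn.sendall(b"221 bye\r\n")
                        break
                    else:
                        conn.sendall(b"502 command not implemented\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


if __name__ == "__main__":
    host, port = start_cleartext_only_smtp_server()
    note = build_message("frontdesk@example", "patient@example",
                         "Appointment", "See you Tuesday at 10:00")
    print(attempt_delivery(host, port, note))
```

Requiring verified TLS on the first hop protects only that hop: onward relays, the recipient's mailbox storage and their mail client are outside your control, which is why the Security Rule's other safeguards (encrypted storage, access controls, audit logging) and a BAA with the provider matter as much as the wire. In production the same policy is expressed at the mail-server level, for example with MTA-STS (RFC 8461), rather than per message.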

HIPAA email and form infographics

HIPAA Email Violations Could Cost Millions

With the adoption of the HITECH Act in 2009, lawmakers reinforced the call for digital patient information security and replaced the old penalty scheme with a tiered one. Where the previous civil cap was $25,000 per year for violations of a single requirement, the new scheme runs up to $50,000 per violation with an annual cap of $1.5 million for each type of violation (a figure HHS has since adjusted upward for inflation), enough to shut down a small practice. The 2013 Omnibus Final Rule, which implemented HITECH's changes to the HIPAA rules, further strengthened privacy protections and individuals' rights of access to their digital records, and made business associates directly liable for compliance.

HITECH also directed HHS to audit covered entities and business associates periodically, and gave state attorneys general the authority to bring civil actions for HIPAA violations in federal court. Audits are not the only trigger: the HHS Office for Civil Rights (OCR) investigates patient complaints and the breaches that covered entities are required to report. If your practice is audited or investigated and found to have even one violation of the HIPAA rules, you and your business associates could face civil penalties, and knowing misuse of patient information can be prosecuted criminally.

“Fines, as well as criminal penalties, can be imposed on the violating institution and the individuals involved.”

NY District Attorney

Don’t Find Yourself on the Defensive Side

Instead of finding yourself on the defensive side of an audit, it is far more beneficial to prepare adequately and lower your risk of fines. Invest in HIPAA compliant email from a trusted provider that will sign a business associate agreement; HHS does not certify any product or service as "HIPAA compliant", so the BAA and the provider's safeguards are what you are actually buying. The cost of such services is as low as $8 per email account, a very small investment when compared with the risk of not acting. The liability of handling sensitive information over regular email accounts and email services that are not HIPAA compliant is significant and capable of destroying a small medical practice.

Another misunderstanding, especially common among dentists, chiropractors, and optometrists, is that their patient information is not medically "sensitive". A related mistake is not treating simple appointment requests or online contact forms as "patient information". The fact is that when a patient fills out even a regular contact form, the submission ties an identifier (a name, email address or phone number) to the fact that the person is seeking care from your practice, and often to the reason. Whether it is a toothache or a bad back, that is individually identifiable health information, and the patient's expectation is that the practice is following all privacy laws.

Online Dental Office Contact Form
Even a simple online contact form should be HIPAA compliant for a dental or medical practice. The default online forms are not: a typical form builder emails each submission in plain text and keeps a copy on the vendor's servers with no business associate agreement in place. Ask your provider for HIPAA forms, meaning a form service that signs a BAA, encrypts submissions in transit and at rest, and delivers them to you through an encrypted channel rather than ordinary email.

It may seem that the conglomeration of laws and regulations surrounding patient privacy is in no way conducive to incorporating email into your practice. However, it can be done. It’s just a matter of fully understanding the rules or working with a trusted web services provider who does.

Do not be put off by the liability and rules surrounding patient privacy. If you are not already using email as a part of your practice, chances are you are considering it or you have at least been asked by patients to offer it as a service. Not only does email provide greater efficiency for you as a provider, but it can also provide convenient benefits for patients as well. Imagine how much more smoothly your practice could operate with email as part of it.

Many Physicians Use Email To:

  • Deliver test results
  • Update patient information
  • Remind and confirm upcoming patient appointments
  • Accept prescription refill requests

No matter what your specialty is, converting your email account to a HIPAA compliant platform can take as little as a short phone conversation. Using HIPAA compliant email is no more complicated than regular email and no additional technical knowledge is needed. The mailbox will look and work just like the accounts offered by Gmail, Outlook, Apple Mail… What changes is behind the scenes: a business associate agreement with the provider, encrypted transmission and storage, access controls and audit logging, which the Security Rule requires and which an ordinary consumer mail account does not come with.

If you are interested in learning more about your options, contact us and we will send you the easy to follow steps to upgrade your email account.

