Expanding HIPAA Accountability

HIPAA Logo
As more businesses provide health care coverage, or assist employees in obtaining coverage, under the Affordable Care Act, we find ourselves possessing and managing even more sensitive personal information about our employees.  And, while we are not working with medical records, per se, we are often exposed to insurance account and activity information that cannot be disclosed.

Communications with your insurance broker or carrier should be secure — from end to end.

The good news is that you have options.

  • Policy-Based TLS Encryption
    • If your broker or carrier is willing to share some technical info, you can setup policy-based TLS encryption that will forcibly encrypt all emails between your email service and theirs.
    • They will likely need you to prove, or certify, that you encrypt data from your email service to your end users on every platform.
    • Policy-Based TLS Encryption is part of Google Apps, but not every email service is capable.
    • This is the lowest cost, but most technical solution.
  • Manual Encryption Tools
    • Third party apps, like Virtru, let users encrypt email messages before they are sent.
    • They are inexpensive and easy to use, and can also track when messages are opened or forwarded.
    • They are NOT foolproof, as they depend on users knowing what must be encrypted and remembering to do so — every time.
    • This is the lowest cost solution, but most susceptible to an accidental breach.
  • Automated Encryption Tools
    • Integrated email encryption solutions, like Zixmail, give users the ability to flag messages for encryption.
    • They also use heuristics to scan all email traffic, identifying those that should be encrypted and doing so automatically.
    • While slightly more expensive, these tools effectively monitor policy compliance and mitigate your risks.

Select the type of encryption solution you need, based on how your business operates and who is responsible for keeping information private.


 

Unlike many providers, we offer each type of email encryption service on a per-user basis. Most businesses have a limited number of staff working with sensitive information; we can provide these users with encryption services. Our approach provides the protection you need and respects your budget and priorities. Contact us to learn more.