Looking for HIPAA Compliant Email Service

Posted on 2012-08-30
Last Modified: 2012-08-30
Good morning. I have been looking for a HIPAA Compliant Email Service to replace an Exchange Server. During my search I have found a company called MD OfficeMail. I am testing their service and like how it works, however it's not Exchange and they don't have a calendar service.

Is there a recommended HIPAA compliant email service that offers Exchange?

Question by:Poly11
    LVL 6

    Expert Comment

    When you say HIPAA compliant, perhaps this is something we need to elaborate on.  The HIPAA standard requires secrecy which can be accomplished through standard SSL encryption.

    What, specifically, is your goal?  Are you simply wanting a service that provides email accounts to your employees?  Are you wanting to send secure email between your organization and partner organizations?  Any commercial email provider (Microsoft Office 365, RackSpace, etc.) should be "HIPAA compliant" from the stance that the provider will not release the contents of any of your mailboxes to any third party without a court order/subpoena.  This is HIPAA compliant.

    Additionally, as long as all emails which contain PPI (patient information, medical records, billing information, etc.) is transmitted to and from the provider using SSL (such as a webmail address that begins with HTTPS), 128-bit encryption is also HIPAA compliant.

    If you want to go a step further, you can obtain Email Encryption certificates (see for certs) so that your users can encrypt individual email messages and even the provider cannot see them.

    Author Comment

    Thanks for the reply Page1985. We are looking to move the Exchange server to a commercial provider. We are looking for recommendations for the best provider who can also provide a HIPAA Business Associate Agreement. Several of the providers I have spoken with said that they are compliant, but will not provide an agreement. We cannot rely on a statement that they are "HIPAA Compliant". We need documentation.

    LVL 6

    Accepted Solution

    So you need a provider who is willing to sign a contract with you which binds them to the HIPAA standards you are also bound to?

    That's definitely going to be a special hosting company that targets medical.  Most all mainstream providers will give you compliant service, but most companies will not sign a contract you request because the sales person you're dealing with doesn't have the authority to bind the company into an agreement.

    This is the only one I'm finding that advertises HIPAA-centric hosting and is a company whose name I recognize.

    EarthLink Cloud

    Author Closing Comment

    Perfect! Thank you.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
    The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now