
Looking for HIPAA Compliant Email Service

Posted on 2012-08-30
Last Modified: 2012-08-30
Good morning. I have been looking for a HIPAA Compliant Email Service to replace an Exchange Server. During my search I have found a company called MD OfficeMail. I am testing their service and like how it works; however, it's not Exchange and they don't have a calendar service.

Is there a recommended HIPAA compliant email service that offers Exchange?

Thanks.
Question by:Poly11
4 Comments
 
LVL 6

Expert Comment

by:page1985
ID: 38350504
When you say HIPAA compliant, perhaps this is something we need to elaborate on.  The HIPAA standard requires secrecy which can be accomplished through standard SSL encryption.

What, specifically, is your goal?  Are you simply wanting a service that provides email accounts to your employees?  Are you wanting to send secure email between your organization and partner organizations?  Any commercial email provider (Microsoft Office 365, RackSpace, etc.) should be "HIPAA compliant" from the stance that the provider will not release the contents of any of your mailboxes to any third party without a court order/subpoena.  This is HIPAA compliant.

Additionally, as long as all emails which contain PPI (patient information, medical records, billing information, etc.) are transmitted to and from the provider using SSL (such as a webmail address that begins with HTTPS), 128-bit encryption is also HIPAA compliant.

If you want to go a step further, you can obtain Email Encryption certificates (see http://www.startssl.com for certs) so that your users can encrypt individual email messages and even the provider cannot see them.

Author Comment

by:Poly11
ID: 38350535
Thanks for the reply Page1985. We are looking to move the Exchange server to a commercial provider. We are looking for recommendations for the best provider who can also provide a HIPAA Business Associate Agreement. Several of the providers I have spoken with said that they are compliant, but will not provide an agreement. We cannot rely on a statement that they are "HIPAA Compliant". We need documentation.

Thanks
LVL 6

Accepted Solution

by:page1985 (earned 2000 total points)
ID: 38350574
So you need a provider who is willing to sign a contract with you which binds them to the HIPAA standards you are also bound to?

That's definitely going to be a special hosting company that targets medical.  Most all mainstream providers will give you compliant service, but most companies will not sign a contract you request because the sales person you're dealing with doesn't have the authority to bind the company into an agreement.

This is the only one I'm finding that advertises HIPAA-centric hosting and is a company whose name I recognize.

EarthLink Cloud
http://www.earthlinkcloud.com/hosting/hipaa-compliant-exchange-hosting/

Author Closing Comment

by:Poly11
ID: 38350718
Perfect! Thank you.