Why your email should be HIPAA compliant

With email only increasing as the main way many patients and organizations want to do business, the advantages of using email far outweigh the risks for healthcare practices. Technology has even made HIPAA compliance for email easier and more affordable than ever.

This is a guest post written by Hoala Greevy, the Founder and CEO of Paubox.

The most obvious reason to make your organization’s email HIPAA compliant is to avoid any fines that can result from sending protected health information (PHI) in unsecure email.

When a breach happens, the cost can be astronomical both monetarily and in terms of your reputation. Companies like Sony and Anthem have shown how much damage can be done when email and data is compromised, and the threat of a breach is only increasing.

Symantec’s 2014 Internet Threat Report found breaches increased 23% over the previous year, with Healthcare being the major focus of hackers (37% of total breaches). One out of every 965 emails was a phishing attack, and hackers also make attempts to intercept your messages in transit and access information if it’s not encrypted.

However, an often overlooked reason for many breaches is not so simple to fix – human error.

In 2014, IBM’s Cyber Security Intelligence Index report found that over 95% of all incidents investigated recognized human error as a contributing factor. Even with great processes and technology, human error can’t always be solved for. Many times the employee does not even know they made an error until after a breach has occurred.

To avoid fines, some healthcare organizations don’t fully take advantage of the productivity that technology offers by still requiring patients to pick up documents or using “snail mail.” This can create a very frustrating patient experience and increase operational costs.

But there are ways to enjoy productivity gains and mitigate some of the risk for human error by having the right solutions. Making your email HIPAA compliant can greatly reduce the risk of accidentally sending (PHI) in an email. Having robust inbound phishing and SPAM filtering also lowers the risk of an employee accidentally opening an email they shouldn’t and compromising the organization.

Thankfully, there are now many HIPAA compliant email providers that can provide different levels of security for your organization. Some providers like Paubox, offer both email encryption and inbound filtering on a per user basis at an affordable cost, which is great news for small and medium-sized practices.

Secure HIPAA compliant email allows healthcare practices mitigate risks of a breach, and can help make processes more efficient and improve the patient experience without compromising PHI.

Hoala Greevy


Hoala Greevy is the Founder and CEO of Paubox, which helps organizations in regulated industries become more agile and efficient with seamless email encryption and file sharing. Greevy has over 16 years of experience in the email industry.

Hoala Greevy Paubox