FAQ - HIPAA Compliant Email

Security and encryption is enforced without compromise for all the email messages sent from MDofficeMail and CryptnSend. An SSL (or TLS) session is initiated before login or password information is exchanged and well before any data is transmitted. Server certificates we use are 100% secure using RSA-powered TLS (Transport Layer Security). Email sent to other than “Safe Recipients” i.e. any account outside MDofficeMail service will be force encrypted and secured by MDVault to maintain compliance with security regulations. Click here for more information. All messages sent using CryptnSend service are encrypted by default.

MDofficeMail / CryptnSend / Faxtone services are specifically meant for US healthcare providers. However MDofficeMail is can be accessed from few other countries in addition to the United States.

For security reasons MDofficeMail / CryptnSend / Faxtone services are not accessable from some geo locations outside the United Staetes. Please contact us for details.

• All the email addresses in your domain.
• All the email accounts hosted with MDofficeMail. This will be automatically detected.
• All the email addresses that are certified by the user as “Safe Recipients” and added to “Safe List" in the address book.

All these email addresses are automatically detected by MDofficeMail.

Any HIPAA compliant email server/service user is a “Safe Recipient”.

All those whose security credentials are unknown are “Other recipients”. We strongly recommend to send secure and encrypted email messages these recipients to maintain security and meet compliance requirements.

When a message is sent to “Other Recipient” it is encrypted with industry-standard AES-256 encryption in CBC mode with MD5 hash. This is the same kind of encryption is used by many Banks and Federal agencies around the world to protect their data.

These “Locked Messages” are not delivered to the Inbox of recipient. Instead they are stored in secure server MDVault of MDofficeMail. A notification is sent to the recipient informing a secure, encrypted message has been received.

When a locked (encrypted) message is sent, it is stored in our secure server MDVault and just a notification is sent to the recipient, containing a secure weblink. By clicking this link and entering password recipient can log into our secure server, decrypt, view the message, and download attachments if any. In addition the recipient can send secure reply.

Encrypted messages are sent by MDofficeMail for security and compliance. These messages needs to be decrypted with a password to view them. It is very much possible to send plain messages instead of encrypted messages. Please visit hipaa-email-plain-message.html for more information.

The HITECH legislation is Title XIII of the 2009 American Recovery and Reinvestment act, and can be found here:
http://www.gpo.gov/fdsys/pkg/BILLS-111hr1enr/pdf/BILLS-111hr1enr.pdf

We respect your privacy. We never rent, sell or share client details with anyone.