Email, Protected Health Information, and HIPAA
The majority of healthcare providers and patients use a free email service or one provided by their internet or web hosting service provider. Connections to most of these services are standard, unencrypted/unsecured (HTTP), and the servers may not be secure. This means any sensitive information, such as PHI, sent using these email services can be intercepted and stolen.
In spite of this potential threat, HIPAA doesn't prohibit using email as a medium for sending and receiving Protected Health Information (PHI). However, by setting up standards, it has ensured that the security of patient information in email-based communication is not compromised.
MDofficeMail has implemented these standards in its services and is fully compliant with HIPAA policies, following recommended procedures aimed at maintaining the integrity of PHI by restricting unwarranted access.
In 2010, the HITECH Act went into effect, amending the HIPAA Privacy and Security Rules. One of the most important changes is that the maximum penalty for a HIPAA violation increased to $1,500,000 from $250,000. Fines as well as criminal penalties can be imposed on the violating institution and the individuals involved.
The fact is that not only the sender but also the recipient should use a secure service to protect the data sent through email.
MDofficeMail offers security at both ends, sender and recipient: SSL and MDVault.
At the sender's end, MDofficeMail operates securely using SSL over the Web or through your existing email client (MS Outlook, Apple Mail, etc.), without the need for additional software, hardware, or certificates. Webmail and POP/IMAP are always secured with SSL. SSL establishes an encrypted pipe to MDofficeMail servers, providing rock-solid protection.
Security at the recipient's end is taken care of by MDVault, which MDofficeMail offers to overcome this most important issue. MDVault is an exclusive service meant for maximum security for recipients outside MDofficeMail servers. By continuing the SSL security pipe past MDofficeMail servers, MDVault takes care of the security needed for HIPAA and other regulatory requirements.
With MDofficeMail you are using VeriSign's RSA-powered SSL/TLS, the most powerful and secure form of SSL available. Right at the connection point, well before any login or password information is entered, the MDofficeMail user is communicating over a secure channel!
(See message flow diagram below.)
Webmail: When MDofficeMail is used via a Web browser, SSL establishes an encrypted pipe to MDofficeMail servers using VeriSign's RSA-powered SSL/TLS, the most powerful and secure form of SSL available, providing rock-solid protection. Right at the connection point, well before entering a username and password, the MDofficeMail user is communicating over a secure channel!
MS Outlook and other desktop client applications: With desktop and smartphone email client applications, MDofficeMail works only with SSL/TLS and secure ports for POP, IMAP and SMTP. Though MDofficeMail looks similar to any other email service, the difference is that all messages sent and received are protected by SSL/TLS security along with advanced anti-virus and spam filters. MDofficeMail works only with port 995 for POP, 993 for IMAP, and 465 and 25 for SMTP. This prevents unsecured connections with the server.
If the recipient is a non-MDofficeMail user, messages are encrypted automatically, without any manual intervention, for security at the recipient's end. The message is securely stored on the MDofficeMail server and a message receipt notification is sent.
When the recipient is an MDofficeMail user, the secure message is delivered directly, without the additional MDVault encryption, for the recipient's convenience. This spares the MDofficeMail recipient an unnecessary decryption process.
Messages can also be delivered directly to non-MDofficeMail users just by typing :: in the subject line. This is very useful and convenient for the recipient when non-PHI messages are sent.
MDofficeMail users: Secure and HIPAA-compliant messages are delivered just as with any other email service. Messages can be viewed without the need for passwords or a decryption process.
Non-MDofficeMail users: A received secure message is stored in MDVault rather than being delivered to the recipient. Instead, a simple message announcing the receipt of a secure message is sent to the recipient. When the recipient clicks the link provided in that message, a secure webpage opens and a secure SSL connection is established with the server. The recipient can view the message by entering a password.
First-time recipients need to create their password. The same password can be used to view messages from any MDofficeMail user at any time in the future. The sender can authenticate a first-time recipient with a security code. This auto-generated code can be provided by the sender of the email, and the recipient needs to enter it to create a password.
The recipient can reply securely from the same window. The message can be securely downloaded and saved on the local computer. With MDofficeMail, anyone can initiate a secure message to any MDofficeMail user from the secure webpage https://EmailYourDoc.com
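The recipient-side flow described above (direct delivery to users on the service, hold-and-notify for outside recipients, the :: subject override, and the sender-supplied security code for first-time password creation) can be modelled as follows. This is an added illustrative example, not MDofficeMail's code; the Vault class, LOCAL_DOMAINS, the sample addresses and the use of PBKDF2 are assumptions.

```python
import hashlib, hmac, secrets

LOCAL_DOMAINS = {"clinic.example"}  # constructed: domains hosted on the service
BYPASS_MARKER = "::"                # assumption: matched anywhere in the subject

def _kdf(password, salt):
    # PBKDF2 is this example's choice; the page does not name a scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Vault:
    """Hypothetical hold-and-notify store for outside recipients."""
    def __init__(self):
        self.held = {}       # link token -> (recipient, body)
        self.pending = {}    # recipient -> first-time security code
        self.creds = {}      # recipient -> (salt, derived key)

    def route(self, recipient, subject, body):
        """Return ('direct', body) or ('notify', link_token, code_for_sender)."""
        domain = recipient.rsplit("@", 1)[-1].lower()
        if domain in LOCAL_DOMAINS or BYPASS_MARKER in subject:
            return ("direct", body)
        token = secrets.token_urlsafe(32)   # unguessable value for the link
        self.held[token] = (recipient, body)
        code = None
        if recipient not in self.creds:     # first-time recipient
            code = self.pending.setdefault(recipient, secrets.token_hex(4))
        return ("notify", token, code)      # code reaches the recipient via the sender

    def enrol(self, recipient, code, password):
        """Create the recipient's password only if the security code matches."""
        expected = self.pending.get(recipient)
        if expected is None or not hmac.compare_digest(expected.encode(), code.encode()):
            return False
        salt = secrets.token_bytes(16)
        self.creds[recipient] = (salt, _kdf(password, salt))
        del self.pending[recipient]
        return True

    def read(self, token, password):
        """Return the held body for a valid link token and password, else None."""
        recipient, body = self.held.get(token, (None, None))
        cred = self.creds.get(recipient)
        if cred is None:
            return None
        salt, key = cred
        return body if hmac.compare_digest(key, _kdf(password, salt)) else None
```

The model makes one property of the :: override visible: the routing decision rests on the sender's subject line alone, so the held-message protection applies only when the sender leaves the marker out.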
The CryptnSend email encryption service is meant to provide security and compliance to users of Gmail, Yahoo and other free email services. CryptnSend can be used with any email account that is hosted elsewhere.
CryptnSend operates securely using SSL over the Web or through a desktop email client (Outlook Express, MS Outlook, etc.) without the need for additional software, hardware, or certificates. CryptnSend Webmail and SMTP are always secured with SSL. Additionally, SSL establishes an encrypted pipe to CryptnSend servers using VeriSign's RSA-powered SSL/TLS, the most powerful and secure form of SSL available, providing rock-solid protection. Right at the connection point, well before entering a username and password, the CryptnSend user is communicating over a secure channel!
MDofficeMail users: A secure and HIPAA-compliant message is delivered just as with any other email service. Messages can be viewed without the need for passwords or a decryption process.
Non-MDofficeMail users: A message sent using CryptnSend is stored in MDVault without being delivered. Instead, the recipient receives a simple message announcing the receipt of a secure message. When the recipient clicks the link provided in that message, a secure webpage opens and a secure SSL connection is established with the server. The recipient can view the message by entering a password.
First-time recipients need to create their password. The same password can be used to view messages from any MDofficeMail user at any time in the future. The sender can evaluate a first-time recipient with a security code. This auto-generated code can be provided by the sender, and the recipient needs to enter it to create a password.
The recipient can reply securely from the same window. Such replies are encrypted and delivered to the regular (original) Inbox of the CryptnSend user. The message can be securely downloaded and saved on the local computer.
MDVault helps to send HIPAA-compliant, encrypted messages to any recipient, for end-to-end protection..
Email archives, Data backup, Calendar, File sharing, Access logs, Audit files, Spam control, Virus protection, Auto migration and..
Anyone can send a secure message to a MDofficeMail user!! Just go to the webpage, compose and send!
All email messages are stored in a secure remote server which cannot be edited or deleted....
No more fax machines, telephone lines. Subscribe to MDfax to send/receive HIPAA compliant fax from your email or desktop...