HIPAA Compliant Telehealth & Email for Therapists
By Gil Vidals, HIPAA Blog, Resources

Why use HIPAA-compliant telehealth? 

Your patients value your counsel and are willing to share with you their deepest, personal struggles.

As a therapist, you take those patient communications seriously, and strive to preserve their dignity and privacy. Voicemails, appointment calendars, therapy notes – you handle them all with discretion and care. 

It’s part of the sacred trust between therapist and client. Private health information (including mental health) must be safeguarded – HIPAA privacy rules make this clear.

But, with new advancements in online therapy, HIPAA compliance is a concern. You must ensure that your therapy notes and text are HIPAA-compliant, even when taken digitally. Your video platforms need to be safe, secure, and clear for both therapists and patients. Not to mention, your email platform requires strict monitoring and security – you and your patients will feel better with a HIPAA-compliant email for therapists.

Here’s what you need to know.

Preserving trust with a HIPAA-compliant online therapy platform

In our present context, where life and ways of operating have changed significantly since COVID-19, one means of communication you’ve probably already transitioned to (or increased your use of to safely see clients) is telehealth services. Some EHR solutions already support this technology, with built-in, secure telehealth software integrated into their dashboards.

While we can be grateful that such technology makes therapy sessions possible – aided by the reality of a smartphone or computer for clients in almost every home – certainly telehealth hasn’t been without its practical and therapeutic limitations. 

“It is harder for some folks to be in a private setting, or feel like they can get to a space where they won’t be overheard, so they sometimes won’t talk about topics that they would otherwise discuss freely with me in my office setting,” says Sarah Harrier, founder of Blue Lotus Therapy Services, LLC. In addition, “technical difficulties such as a freezing video screen or inadequate audio can also be a setback to effective meetings.”

During sessions, telehealth technology may also increase the potential to miss important “visual, non-verbal cues, like a bouncing foot or someone wringing their hands with anxiety,” Sarah notes. These in-the-moment cues can sometimes alter the course of the session, providing “an opportunity to address coping strategies, right then and there.”  

So will she continue to use it? “Face-to-face meetings are generally more beneficial due to avoiding the barriers listed above, but it does make for a great solution if someone would otherwise miss their appointment (i.e. traffic, has a fever but still wants to meet, etc). I will probably still use telehealth as an option for some clients. I live and work in Michigan and it’s my understanding that our Governor just put into place the need for insurance companies here to allow telehealth indefinitely. This will make telehealth services a viable and preferred option for many clients across the State.”

Telehealth’s rapid expansion – in part due to COVID-19 – means there are more telehealth options than ever to choose from – either as part of an EHR solution or as stand-alone software. HIPAA Vault is proud to play a supporting role in HIPAA-compliant video therapy platform efforts, providing secure, cost-effective, and compliant hosting with a highly scalable infrastructure to assist the growth of your practice moving forward.

HIPAA-compliant email for therapists

Another communication technology you’ve probably relied on – long before the COVID-19 pandemic – is email. A convenient means of sending and receiving sensitive patient data, email can be HIPAA compliant – as long as the proper protections are in place. Proactive therapists like Sarah understand that an indispensable technology for this is encryption – a service integrated into all HIPAA Vault solutions.

For those who are unaware, encryption is the process of “disguising” email content to make it unreadable, not only in transit, but all the way to the recipient’s inbox. Once received, the recipient can open and decrypt the email to make it readable only for the intended parties. 

Private email communication depends on an encrypted network connection and on encryption of the message itself before it leaves the sender’s inbox. Should the email be intercepted by an unauthorized user or hacker who gains access to password-protected accounts, the contents will be unreadable. Our HIPAA Compliant Email for Therapists keeps the PHI secure at all stages: in the therapist’s mailbox, during transmission to the patient’s inbox, and in the patient’s inbox.

Staying HIPAA-compliant with Gmail and Office 365

Popular offerings that need to be configured for HIPAA compliance include Gmail and Office 365 by Microsoft.

If your organization utilizes the Workspace Suite (Google Apps), then Google is willing to sign a Business Associate Agreement (BAA) with you as the covered entity. Required by HIPAA, this contract stipulates that Google will use the appropriate safeguards to protect PHI. A third-party vendor like HIPAA Vault is still required to ensure the encryption of the email from inbox to inbox (see our HIPAA compliant Gmail solution).

Once set up, Gmail can also be used for PHI on a mobile device, though again, special care must be taken to prevent unauthorized access. Google offers a two-factor authentication app for added security, requiring a password and an additional code or physical token that only the user has access to.

Microsoft’s Office 365 is another popular suite of tools that offers email, chat, and more to business users. (Additional versions of Office 365 are available for the US Government as well.) Like Gmail, Microsoft Office 365 requires a third party to configure encryption for inbox-to-inbox transmission, and users must sign a BAA. Office 365 is also easily used on a smartphone or tablet and offers the two-factor authentication app for added security.

HIPAA Vault meets the need for a cost-effective, fully secure solution for HIPAA Compliant email for therapists with advanced encryption technology that can integrate seamlessly with existing email infrastructure – including Gmail and Office 365. Transport Layer Security (TLS) allows users to securely transmit PHI through a secure network, harnessing advanced data loss prevention capabilities to maintain HIPAA compliance and prevent your sensitive data from falling into the wrong hands.

HIPAA Vault: HIPAA-compliant online therapy software

We say it often, but it’s worth repeating: no technical solution or software by itself can make you HIPAA compliant. It’s whether you will use them in a compliant way that makes the difference.

From a HIPAA standpoint, this means:

The potential of your client’s data being lost or exploited (breached, sold, or made public) depends largely on you and your practices. 

Failure to adopt and follow appropriate privacy procedures could lead to irreparable harm – not only to your clients but also to your reputation as a trusted provider. Again, this means taking HIPAA policies and practices to heart – as an integral part of patient care – and following them closely.

Yet while HIPAA privacy regulations call for secure solutions and compliant practices – whether for telehealth or email – the changing nature of technology also includes ever-evolving attack vectors from those who wish to compromise sensitive health data. With a range of communication technologies at your disposal, such as compliant WordPress websites with secure portals, secure faxing and forms, and cloud-based file management tools like HIPAA Drive, it helps to have a strong technical support team with the latest security expertise behind you. 

HIPAA Vault’s 24/7 managed security services – standard with all our solutions – mean that we’re on the job for you, in support of any technical questions and needs that may arise. Questions about how you can secure your communications for HIPAA Compliance, and receive world-class support at the same time? Give us a call (760-290-3460), or visit www.hipaavault.com.

HIPAA Vault is the leading provider of HIPAA-compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times. In addition to providing secure infrastructure and compliance for health companies, HIPAA Vault provides a full array of HIPAA-compliant cloud solutions, including secure hosting and email, HIPAA-compliant WordPress, secure file sharing, and more.

In addition to providing secure infrastructure and compliance for health companies, HIPAA Vault provides a full array of HIPAA-compliant online therapy platforms and cloud solutions, including secure hosting and email, HIPAA-compliant WordPress, secure file sharing, and more.

Gil Vidals is the president and CTO of HIPAA Vault. He is a passionate subject matter expert on HIPAA compliance and the healthcare cloud, and co-host of the HIPAA Vault podcast. Since 1997, Gil’s mission has been to provide uncompromising and affordable HIPAA compliant hosting solutions to commercial and government clients, helping protect their sensitive health information from data breaches and security vulnerabilities. HIPAA Vault has been recognized as an Inc. 5000 company and a Clutch Top B2B company. He can be reached here on LinkedIn.