Maintaining HIPAA compliant email between staff and patients can give healthcare providers plenty of headaches. Not only do you have to grapple with changing legislation, but you also have to work around the myriad of devices that patients use on a daily basis. This frustration (and confusion) often sends offices running toward portal systems that advertise themselves as being easy to use, for both clients and patients.
But if you ask around any crowded doctor’s office once the waiting room starts piling up, you’ll hear both patients and staff using some choice words to wish awful vengeance on whoever developed the portal they’re being forced to use. They’re clunky, not user friendly, and often not quite as secure as you’d think. Luckily, there are easier options to maintain HIPAA compliant email.
How HIPAA Patient Portals Work
Portal systems provide HIPAA compliant email by forcing all communication to happen within the confines of the portal software. This means that when you send an email using the portal system, a user is required to sign in to access that email. Most portal systems establish a secure connection while data is being transmitted, preventing outside eyes from seeing what data is being transferred between the client and the server.
Portal systems usually require patients to create their own custom username and password for that specific system, preventing anyone else from gaining access to it. As long as users can remember their username and password, their protected health information (PHI) will remain secure.
Portal Failings: Difficult to Use, Not the Most Secure
The usability issues should be immediately apparent to anyone that has had the misfortune of sitting behind a portal, desperately trying to remember yet another password in order to get access to blood work they’d had done a week earlier. That pain isn’t just for the patient, either: as every portal system is different (and if we’re honest, most of their GUIs aren’t what we’d call “organized”), it’s likely the staff need a few weeks of training just to use the thing in the first place.
Adding to the inconvenience of portal systems is the administrative burden of lost credentials. When patients forget their passwords (and they will), they often contact administrative staff for support. Added stress is seldom needed in a healthcare setting, and nobody on your admin staff wants to stop what they’re doing to walk a client through password recovery.
Then there’s the actual encryption. While, portal systems do provide HIPAA compliant email encryption services, they don’t provide client-side encryption. While having a secure connection to the portal itself is nice, that doesn’t necessarily mean that your data is entirely protected. As it’s usually the server that does the securing in the first place, your data is potentially vulnerable as it makes its way to the server. Likewise, when it is being sent to a patient, it’s likely being sent as plain text — not as an encrypted file.
Looking Beyond the Portal
Fortunately, HIPAA compliant email encryption doesn’t have to be so complex (or so potentially insecure).
Virtru provides client-side encryption within a package that works with the email provider you’re already using, and without a complicated portal. There’s no complicated setup procedure, and there’s no need to spend weeks training your staff (or worse, your patients). When you receive an email from Virtru, you simply sign up for a quick account and then proceed to read your email.
Virtru has the added bonus of allowing your patients to access their PHI right in their own email inboxes, giving them control of their secure information. Not only do they not have to worry about remembering their portal credentials, but they also don’t have to worry about logging in through multiple gateways just to access past records.
Virtru works with Gmail, and Outlook, so your office won’t have to ditch their current email addresses. Virtru also can be configured to work with iOS and Android devices, so there’s no need to worry about a portal that won’t open on a mobile device.
HIPAA compliant email doesn’t have to be a headache. Virtru isn’t just easy for you and your employees, it’s also easy for your patients, so you don’t have to waste precious office time explaining yet another complicated system to them. Just have them give you their email address, and you’re good to go.
Get a demo of Virtru today, and see how hassle-free HIPAA compliant email encryption can be.
