Paubox blog: HIPAA compliant email made easy

Email AI: an evolving guide

Written by Hoala Greevy | August 18, 2021

Last month, on a Zoom social mixer, we learned about our customers’ need for a secure method of transcribing audio attachments sent by their corporate voicemail systems.

As context, a central tenet of the HIPAA Privacy Rule is that covered entities must have appropriate administrative, technical, and physical safeguards in place to protect the privacy of protected health information (PHI).

In the case of our customers, they were acutely concerned over emails sent from their voicemail system containing audio attachments. More precisely, their concerns lay with the potential of end users opening these attachments in public on their smartphones.

In their opinion, the risk of PHI being overheard in public obligated them to establish elevated safeguards for their respective organizations.

In effect, the question was, “Can you develop something that converts the audio attachments to text instead?”

Keeping with our intense focus on using customer feedback as a roadmap of what to build and when, we instantly knew this was something to act on.

In a nutshell, Paubox Email Suite allows us to provide inbound security and seamless inbound encryption for our customers. We’re able to do this by being the sole MX record for our customers’ domain names. In addition, Paubox Email Suite is HITRUST CSF certified.

With this inbound email security infrastructure in place, we leveraged Natural Language Processing (NLP) to detect and transcribe these audio files on the fly.

We then insert the transcribed text into the message body and securely deliver the email to the end user, leaving the original audio attachment in place.


How do you see the future of Infosec, but especially healthcare, relying on email AI?

Earlier this month we submitted a provisional patent application surrounding our novel work on Zero Trust Email.

As a recap, Zero Trust is an IT security framework that requires strict identity verification for every person and device trying to access resources on a private network.

The philosophy behind Zero Trust security assumes there are attackers both within and outside of the network, therefore no one and nothing should automatically be trusted.

In today’s landscape, the same is also true for email: we can no longer trust email sent from American hosting and infrastructure companies, as they are being abused by bad actors at unprecedented scale.

We therefore chose to focus on multi-factor authentication (MFA) for our implementation of Zero Trust Email.

MFA involves requiring more than one piece of evidence to authenticate a user. For the end user, this is often a piece of information on their phone, either a code sent via SMS or an authenticator app.

For our purposes, we chose to use MFA not to authenticate a user per se, but a machine.

With Zero Trust Email, we now require one more piece of evidence to confirm that an email is truly legitimate and not a phishing attack cloaked under the guise of a domestic company’s email platform.

This new piece of evidence is unique to each customer and changes based on time and usage. In effect, we employ Email AI to power Zero Trust Email.

I anticipate there will be more innovations in this area, as email is constantly under attack by bad actors.

Will the Delta variant impact Email AI or healthcare security as a whole?


Yes, I believe the Delta variant will continue to accelerate the long overdue digital transformation in healthcare. At what speed it will accelerate is hard to say. But it will speed up, that is certain.

In addition, email attacks will continue against healthcare organizations. As we’ve covered in our monthly Paubox HIPAA Breach Reports, this has been a predictable trend since we first started doing them in 2017.

In our opinion, Email AI lies at the crossroads of both these trends. And we intend to help define it.