The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996, because of the increasing need to address growing technological changes and the problems with standards arising from it. With the introduction of HIPAA, health standards and privacy protections for individually identifiable health information (PHI) were standardized federally in a manner that would prevent the erosion of privacy owing to new technology.
Part of HIPAA regulates group health plans and some individual health insurance policies. But the most commonly referenced part provides policies, procedures, and guidelines for preserving the privacy and security of PHI. It also identifies offenses related to healthcare, and sets out penalties for violating the rules. Compliance with HIPAA is mandatory when organizations deal with PHI in any way. HIPAA exists to protect the security and the privacy of patients and their information. The act covers both protections from breaches and the necessary steps that must be taken if a violation does occur. There are four important aspects of HIPAA compliance – the HIPAA Enforcement Rule, HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule.
Transactional Email is a type of email sent to assist an agreed-upon interaction between a sender and recipient. In US Healthcare, this is often between a provider and a patient. Transactional Emails may also be called “triggered” emails because they can include any email that is generated by a patient’s interaction with a patient portal or smartphone app. In US Healthcare, common transactional email use cases include medication reminders, lab test results, medical proof of delivery, and billing reminders.
HIPAA Compliant Transactional Email
Patient portals were designed by US Healthcare providers to allow patients easy access to their medical records and to allow communication with their provider. In theory, they were designed for patients to easily interact with their healthcare provider.
In a recent study by the Centers for Medicare and Medicaid Services (CMS) however, 66% of US hospitals reported zero patients attempting to access their patient portals. In a nutshell, the friction introduced by patient portals defeat their very purpose. Transactional email for most businesses often doesn’t have sensitive information and can be sent without worry of encryption.
But because a transactional email can have protected health information (PHI), it requires email providers to be HIPAA compliant. Because there are limited options when it comes to HIPAA compliant transactional email providers, most providers, and as a result consumers, are left out in the cold.
But by using HIPAA compliant transactional email to securely deliver information that contains PHI to a patient’s inbox, US healthcare providers can meaningfully increase patient engagement.