Spark is a personal email client that functions much like Outlook. It features a smart inbox, smart search, email snoozing, and intelligent prioritization of emails. These features all promise to help you reach inbox zero. But can healthcare providers use Spark to send HIPAA compliant email?
Email clients must have the ability to access your mailbox (to read and send emails) in order to function properly. Spark promises to work with data using the following guidelines:
In addition to following these guidelines, Spark employs other security methods for working with data, such as encrypting a portion of the email subject and body for notifications and encrypting messages on a server for its Send Later feature. Spark deletes all encrypted data after it has served its purpose.
A business associate agreement (BAA) is a written contract between a business associate and a covered entity. It outlines the duties and responsibilities that a business associate has to keep protected health information (PHI) secure. A BAA must be signed for HIPAA compliance. We could find no evidence that Spark will sign a BAA. Also, there is no mention of HIPAA compliance in Spark’s Terms of Use. The only mention of data protection corresponds to the GDPR.
We found no evidence that Spark will sign a BAA, and without a BAA a company cannot be HIPAA compliant.
Paubox Email Suite provides HIPAA compliant email that’s HITRUST CSF certified with robust security, featuring blanket TLS encryption and two-factor authentication. Paubox’s email solution integrates with the email platform you already use (Google Workspace, Microsoft 365, or Microsoft Exchange). There are no passwords or portals to go through, as your emails land directly in your patients’ inboxes.