Paubox Weekly: Do you need an email portal to be HIPAA compliant?

Hello world,

Today’s Paubox Weekly is 503 words - a 2 minute read.

Want to get this type of content delivered to your inbox every Friday? Subscribe to Paubox Weekly. 

1. Do you need an email portal to be HIPAA compliant?

Some people believe the only way to have HIPAA compliant email is to utilize email portals.

Why it matters: The user experience for recipients of email portals is, at best, cumbersome and, at worst, awful.

The bottom line: Our patented method for sending HIPAA compliant email precludes the need for email portals yet maintains compliance.

Why you don't need portals to be HIPAA compliant

2. A HIPAA consent form template that's easy to share

Patient forms must be HIPAA compliant to protect sensitive information from exposure.

What's new: With Paubox Forms, healthcare providers can easily create custom forms tailored to their specific needs.

How to ensure patient forms are HIPAA compliant

3. A look at 2023 HIPAA violation fines

In 2023, the Office for Civil Rights (OCR) settled numerous cases with healthcare organizations for potential HIPAA violations.

Why it matters: These violations resulted in hefty fines and corrective action plans.

Millions of dollars at stake

4. Unprecedented breach exposes data of 33 million French citizens

The personal information of 33 million French citizens has been compromised, making it the largest data breach in the country's history.

What happened: The breach occurred in January at two payment processors, Viamedis and Almerys, which French health insurers widely use. The assailants targeted a portal used by health professionals to breach Almerys.

Due to a successful phishing attack

5. HHS finalizes new provisions in confidentiality for substance use

HHS and SAMHSA finalized modifications for confidentiality regulations regarding patients with substance use conditions.

Go deeper: The ruling emphasizes confidentiality for patients with substance use disorders and also ensures healthcare organizations communicate with one another and do not force patients to repeat steps.

The HHS released a fact sheet of changes

Community links

• FTC orders Blackbaud to heighten security after data breach. Link
• AMA: Why patients are not using portals. Link
• FAQs: Protected health information (PHI). Link
• Paubox Kahikina Scholarship Recipient 2023: Kainoa Hottendorf. Link
• Does HIPAA allow verbal consent? Link
• Paubox Kahikina Scholarship Recipient 2023: Logan Lau. Link
• How to write a healthcare compliance plan. Link
• Can physical therapists use email to send and receive HIPAA forms? Link
• FAQs: HIPAA business associates. Link
• The 6 steps of incident response. Link

Good reads from around the web

• OpenAI announces Sora, a wild AI text-to-video model. See it in action. Link
• CMS clarifies rules for HIPAA compliance when texting patient data. Link
• HIPAA protects health data privacy, but not in the ways most people think. Link
• They're back: HHS OCR plans to resurrect random HIPAA audits. Link
• US hospitals see post pandemic catch-up behind insurer healthcare costs. Link

What happened last week