HIPAA Compliant Communications


GA Medicare Expert
Hushmail was referenced in another thread by @sshafran as a resource he uses. My business model is such that I don't shuffle forms requiring a signature, and what I do is not subject to CMS marketing rules, but I do send things containing PHI, so I decided to open this topic up for discussion.

Does anyone other than Scott use Hushmail? If so, what do you use and what are the pros and cons? Do you use myname@hushmail dot com or something else? Is tracking available? (I use tracking on ALL my email so I know which ones are opened).

[EXTERNAL LINK] - Hushmail for Healthcare - HIPAA Compliant Encrypted Email, Web Forms & E-Signatures
I don’t use Hushmail, but I use Protonmail which is encrypted and actually secure. They have a request read receipt with Protonmail that will show you if they read it, but the person must give their permission first.

If you can tell if someone opened the email without their permission, it's not a secure email.

> If you can tell if someone opened the email without their permission, it's not a secure email.

Guess I will keep doing business as usual, without HIPAA secure email. Tracking is my truth serum when dealing with prospects, not so much clients since I trust them. But prospects are suspects until we reach a meeting of the minds and a level of trust.
I don't use Hushmail to actually email clients, just to clarify. I only use their form for Rx intake. I've been using them a little over a year for that.
Hi. You might want to look at FormHippo. Their plans include HIPAA compliant email which provides full audit tracking of all actions taken on messages. They also provide HIPAA compliant online forms as well. Prices start at $8.95/mo and they offer a free 30-day trial.
> Guess I will keep doing business as usual, without HIPAA secure email. Tracking is my truth serum when dealing with prospects, not so much clients since I trust them. But prospects are suspects until we reach a meeting of the minds and a level of trust.

Just curious, how do you utilize email tracking for your business, for what purposes are you using it?
> Guess I will keep doing business as usual, without HIPAA secure email. Tracking is my truth serum when dealing with prospects, not so much clients since I trust them. But prospects are suspects until we reach a meeting of the minds and a level of trust.

For what it's worth, I have read receipts denied on all of my email accounts. You can do it by not displaying external images on your personal email. For work accounts, you can turn them off in the user settings (this is for Gmail, but the external image/pixel denial should work on any email account).

I don't want spammers to know that my email is active.
> Hi. You might want to look at FormHippo. Their plans include HIPAA compliant email which provides full audit tracking of all actions taken on messages. They also provide HIPAA compliant online forms as well. Prices start at $8.95/mo and they offer a free 30-day trial.

Good to know . . . thanks!

> Just curious, how do you utilize email tracking for your business, for what purposes are you using it?

Tracking proposals, email responses to client/prospect inquiries, track email sent after I leave a voice mail and they don't return my call, also track opens to see who opens my email summarizing our phone conversation.

Basically it is a tool to separate the tire kickers from those who are really interested.

> For what it's worth, I have read receipts denied on all of my email accounts. You can do it by not displaying external images on your personal email. For work accounts, you can turn them off in the user settings (this is for Gmail, but the external image/pixel denial should work on any email account).
>
> I don't want spammers to know that my email is active.

Images are not automatically displayed unless I "opt-in" for emails from known senders.

The Gmail automatic spam filters work reasonably well and are much improved vs a couple of years ago. Gmail also allows me to filter emails and attach labels for sorting so I can (hopefully) readily identify email from "friendlies".

Those filters also allow me to send repeat spammers directly to trash.
> Hi. You might want to look at FormHippo. Their plans include HIPAA compliant email which provides full audit tracking of all actions taken on messages. They also provide HIPAA compliant online forms as well. Prices start at $8.95/mo and they offer a free 30-day trial.

Just in my very limited research, it appears FormHippo is considerably less expensive than Hushmail unless I am reading the Hushmail costs incorrectly. Somebody correct me if I'm wrong, but it looks like to have a HIPAA form on Hushmail it requires the $24.99 per month account.
Ok, so here is a potential solution! (I'm not a lawyer, so...)

I want to be able to say this in an email or text or whatever:

"John, Lisinopril is Tier 1. Looks good to stay w/ WellCare for 2024."


"John, we have these 4 Rx's on file (list 4 Rx's). Still correct?" Simple.

Hushform is great for intake. But I want a simple way to just communicate.


Solution is an electronic communications policy - Like Pharmacies Use!! They text people "John, your Rx Lisinopril is ready for pickup at Walgreens"

How do they do it? Elec comm policy opt in.

Includes language like:
You agree that Messages may include protected health information about your prescriptions, including the name of your prescription. Whoever has access to the mobile phone or carrier account will also be able to see this information.



So... I'm basically going to modify that... put it on a page on my website, then text people "Please reply Yes or No to our Elec Comm Policy found on website (link)" then have a field in my CRM (Opt In Confirmed w/ date).
