Health Insurance Portability and Accountability Act (HIPAA) Compliance

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law enacted by Congress in 1996. One of its main purposes is to modernize the handling of healthcare information by protecting patients' personally identifiable information. It requires US healthcare entities to safeguard records and patient information, maintain audit controls, and secure the transmission of that information.

Safeguarding patients' Protected Health Information (PHI) is one of the main objectives of HIPAA. For instance, disclosing more PHI than the minimum necessary for the purpose is considered an unintentional HIPAA violation. Penalties for HIPAA violations are severe and can be both civil and criminal. For reasonable breaches, the fine ranges from $100 to $50,000 per violation, depending on the level of negligence. Deliberate negligence in handling PHI additionally carries criminal charges, including jail time.

Who is affected by HIPAA compliance

HIPAA is not limited to healthcare providers and hospitals; it also applies to insurance companies and to organizations that provide data and software solutions to those entities when they handle PHI.

Sigsync's responsibilities for complying with HIPAA

a) Using highly secure methods

  • Sigsync uses secure Azure email cloud services for email signatures and disclaimers.
  • It uses Microsoft OAuth 2.0 and TLS encryption for authentication. Sigsync never asks for your credentials; instead, you are redirected to the Microsoft sign-in page to authenticate.
  • To protect privacy, a TLS-encrypted connection to the Sigsync service ensures that information cannot be read by any third party in transit, regardless of the device you use to communicate.
  • Apply automatic email rules with Sigsync Exchange Rules for secure message flow. To be sure that all legal requirements applicable in your country are fulfilled, consult your lawyer for professional legal advice.

b) Maintaining user privacy

  • Your Office 365 credentials are not stored anywhere on Sigsync or any other third-party servers.
  • We take extensive measures to protect our network, applications and infrastructure, and give the highest priority to the privacy of data.
  • Sigsync holds ISO 27001 (Information Security Management) certification. It is also GDPR compliant, protecting the privacy of users' data.

c) Limiting employee access and making employees aware of security best practices

  • We train our employees to follow best security and privacy practices and restrict access to internal systems.
  • Employees at Sigsync are required to acknowledge privacy policies before being granted access to systems.
  • All necessary technical measures are taken to ensure that personal data is protected, making Sigsync HIPAA compliant.

Customer's responsibilities for complying with HIPAA

  • As an admin of the Sigsync service, you can change the settings and rules to meet the security and privacy requirements of your organization.
  • The stored settings are encrypted and can be accessed only with your login.
  • Strengthen authentication by using Sigsync multi-factor authentication (MFA); MFA increases the security of user logins to cloud services beyond a password alone.
  • Conduct periodic access reviews and adjust roles to make sure that information is only in the right hands. Admins can be changed or removed as required from the admin console.
  • Create a strong, unique password for your account and change it frequently to protect it from unauthorized access.

HIPAA disclaimer

A HIPAA compliant disclaimer added with a Sigsync Office 365 email signature explicitly informs patients and other recipients that the email contains highly sensitive health information, without guaranteeing complete security. Recipients who reply to the email are liable for any consequences if the email is tampered with. The disclaimer also instructs recipients to forward the email to the intended address, or to delete it if they cannot comply with the disclaimer. Without a HIPAA compliant email disclaimer in place, your organization might be held legally responsible if the email is used for any unintended purpose.

Smaller healthcare practices and individuals can add HIPAA compliant email signatures using Outlook or similar email clients.

For larger healthcare organizations, disclaimers are generally managed and added by IT administrators. In Outlook or similar email clients, such disclaimers are not displayed in the Sent Items folder and are cumbersome to manage centrally. With the native solution, a sender cannot verify while composing an email whether the appended disclaimer text contains the right information. Updating a HIPAA compliant email signature for each user individually is not practical and carries substantial risk and legal consequences in the case of non-compliance.

Sigsync is a centralized, HIPAA compliant email signature service for Office 365. It makes your emails HIPAA compliant by appending a suitable disclaimer. Because it is a cloud-based service, disclaimers are added to emails sent from any device (desktop, smartphone, tablet, etc.), ensuring that emails leaving any device comply with HIPAA.


Streamline Email Signature Management with a Free On-demand Demo from Sigsync

Sigsync email signature service provides effortless, centralized signature management for Office 365 and Exchange. Our team can assist you in quickly setting up company-wide signatures. Request a free on-demand demo to see how Sigsync can simplify your email signature management process.
