Legal Information

Health Insurance Portability and Accountability Act Compliance

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is an Act enacted by the US Congress in 1996. Its main purpose is to modernize the handling of healthcare information by protecting patients' personally identifiable information. It requires US healthcare organizations to safeguard records and patient information, maintain audit controls, and comply with transmission security requirements.

There are severe penalties for violating HIPAA, both civil and criminal, and they can be imposed on an individual or a company. Where the violation is found to have reasonable cause, the fine can range from $100 to $50,000. Where the violation is due to negligence, fines go as high as $50,000, with criminal charges in addition. In extreme cases the fine can exceed $1.5 million per violation, with up to 10 years in jail.

Who is affected by HIPAA compliance?

Hospitals, doctors' and dental offices, chiropractic clinics, and anyone else who handles protected health information (PHI) may be subject to HIPAA.

Sigsync's responsibilities for complying with HIPAA

a) Using highly secure methods

  • Sigsync uses secure Azure cloud email services for email signatures and disclaimers.
  • It uses Microsoft OAuth 2.0 and TLS encryption for authentication. Sigsync never asks for your credentials; instead, you are redirected to the Microsoft sign-in page to authenticate.
  • To protect privacy, the TLS-encrypted connection to the Sigsync service ensures that information in transit cannot be read by any third party, regardless of the device you use to communicate.
  • Apply automatic email rules with Sigsync Exchange Rules for secure message flow. If you want to be sure that all legal requirements of the relevant acts are fulfilled in your country, ask your lawyer for professional legal advice.

b) Maintaining user privacy

  • Your Office 365 credentials are not stored on Sigsync or on any other third-party servers.
  • We take extensive measures to protect our network, applications and infrastructure, and give the highest priority to the privacy of data.
  • Sigsync is certified under the ISO 27001 Information Security Management standard. It is also GDPR compliant, protecting the privacy of users' data.

c) Limiting employee access and making employees aware of security best practices

  • We train our employees to follow security and privacy best practices, and we restrict access to internal systems.
  • Employees at Sigsync are required to acknowledge the privacy policies before being granted access to systems.
  • All necessary technical measures are taken to ensure that personal data is protected, making Sigsync HIPAA compliant.

Customer's responsibilities for complying with HIPAA

  • As an admin of the Sigsync service, you can change the settings and rules to meet the security and privacy requirements of your organization.
  • The stored settings are encrypted and can be accessed only with your login.
  • Strengthen authentication by using Sigsync multi-factor authentication (MFA). MFA increases the security of user logins to cloud services above and beyond a password alone.
  • Conduct periodic reviews and adjust roles to make sure that information is only in the right hands. Admins can be changed or removed as required from the admin console.
  • Create a strong, unique password for your account and change it frequently to protect it from unauthorized access.

HIPAA disclaimer

A HIPAA compliant disclaimer added with the Sigsync Office 365 email signature, as shown above, explicitly informs patients and other recipients that the data contained in the email is highly sensitive health information and that complete security cannot be guaranteed. A recipient who chooses to reply to the email does so at their own risk. The HIPAA compliant disclaimer also instructs recipients to forward the email to the correct person, or delete it, if it was not meant for them. Without a HIPAA compliant email disclaimer in place, your organization might be held legally responsible if the email is used for any unintended purpose.

If you are a small healthcare practice and need to add a HIPAA compliant email signature, you can do so in Outlook or a similar email client for individual users.

For larger healthcare organizations, disclaimers are generally managed and added by IT administrators. But with Outlook or similar email clients, disclaimers are cumbersome to manage centrally and are not displayed in the Sent Items folder. There is also no way to verify that the added disclaimer text contains the right information. Updating a HIPAA compliant email signature for each user individually is not practically feasible either, and non-compliance carries a heavy risk of legal consequences.

Sigsync is a centralized HIPAA compliant email signature service for Office 365. It makes all your emails HIPAA compliant by appending a suitable disclaimer. Since it is a cloud-based service, disclaimers are added to email sent from any device, including desktops, smartphones and tablets, ensuring that emails leaving from any device comply with HIPAA.

Want free personalized service?

Sigsync email signature service offers company-wide, centralized email signatures for Office 365 and Exchange.
We can assist you in getting your signature ready effortlessly.