Four common misconceptions about encryption and encrypted email

Tuesday, August 6, 2019

As a therapist, you’re most likely well aware of the importance of protecting your clients’ protected health information (PHI) when it’s stored online or transmitted through emails and online forms. PHI is defined as any individually identifiable health information. The HIPAA Security Rule states that healthcare practitioners covered by HIPAA must implement technical safeguards of electronic protected health information (ePHI).

Encryption is a very demonstrable safeguard you can use to protect your clients’ ePHI. No doubt you’ve heard about encrypted email, but do you understand enough about encryption to knowledgeably choose an encrypted email and web form service that will give your practice the level of protection it needs?

This is an important question to ask because many people have misconceptions about encryption that prevent them from finding communication tools that could substantially improve their practice’s security. Let’s address some of these misconceptions, so you can shore up your HIPAA compliance with encrypted email and web forms that will help your clients feel safe when they entrust you with their information.

1. HIPAA requires encryption

Not exactly. The Security Rule isn’t specific about what safeguards should be used, leaving this decision up to the practitioner. However, if a data breach occurs and you’re audited, you’ll need to show that you made every effort to safeguard the information. There are few better ways to protect ePHI than encryption, and if the service you use comes with a signed Business Associate Agreement (BAA), which we’ll explain a bit later, you can feel confident going into an audit.

2. All encryption offers the same level of protection

This is not the case. Not all encryption is the same, and understanding the distinction between different types of encryption will help you make an informed decision about what services will best protect your practice. Researching encryption on your own might be a little overwhelming, though. If you run a search for encryption types, you’ll soon find yourself reading about public and private keys, asymmetrical and symmetrical encryption, and various algorithms and protocols. It’s a lot to take in, and most of us don’t need to become experts to pick out an encrypted email service. All you really need to understand is the distinction between TLS encryption and OpenPGP encryption.

Transport Layer Security (TLS) encryption is considered the standard for encryption protection on the web. Gmail encrypts emails with TLS, as do Yahoo and many other email providers.

TLS protects email with encryption during transit as long as all of the email servers used along the way support it. That’s the main problem with TLS encryption. It can be difficult to know if it’s supported by all the servers used during an email’s journey. TLS also doesn’t protect information when it’s stored at its final destination.
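One way to see which legs of an email's journey used TLS is to read the Received headers that each receiving server adds. This is an added example, not Hushmail's code: the sample message, host names and addresses are constructed placeholders, and the check relies on the standard "with" keywords (ESMTPS, ESMTPSA and similar) that servers record for TLS-protected hops.

```python
import re
from email import message_from_string

# "with" keywords registered for TLS-protected hops (RFC 3848, RFC 6531).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample message; every host name and address is a placeholder.
SAMPLE = """\
Received: from mx.clinic.example (mx.clinic.example [192.0.2.10])
    by inbound.mailhost.example with ESMTPS id c3;
    Tue, 6 Aug 2019 10:00:03 -0700
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    by mx.clinic.example with ESMTP id b2; Tue, 6 Aug 2019 10:00:02 -0700
Received: from laptop.local (unknown [203.0.113.5])
    by relay.isp.example with ESMTPSA id a1; Tue, 6 Aug 2019 10:00:01 -0700
From: therapist@clinic.example
To: client@mailhost.example
Subject: Appointment reminder

See you Thursday.
"""

def _field(keyword, header):
    """Return the token following 'from', 'by' or 'with', or 'unknown'."""
    match = re.search(r"\b%s\s+(\S+)" % keyword, header, re.IGNORECASE)
    return match.group(1).rstrip(";") if match else "unknown"

def hop_report(raw_message):
    """List (sender, receiver, protocol, used_tls) per hop, oldest first."""
    headers = message_from_string(raw_message).get_all("Received", [])
    hops = []
    for value in reversed(headers):          # newest header is on top
        flat = " ".join(value.split())       # unfold continuation lines
        protocol = _field("with", flat).upper()
        hops.append((_field("from", flat), _field("by", flat),
                     protocol, protocol in TLS_KEYWORDS))
    return hops

def unprotected_hops(raw_message):
    """Hops whose receiving server did not record a TLS keyword."""
    return [(src, dst) for src, dst, _, tls in hop_report(raw_message) if not tls]

if __name__ == "__main__":
    for src, dst, proto, tls in hop_report(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

Each Received header is written by the server that accepted the message, so headers added before the message reached a server you trust can be inaccurate. A clean report also covers transit only and says nothing about how the message is stored at its destination.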

OpenPGP encryption, on the other hand, protects information during transit and in storage. It also must be enabled either by a switch or password, adding a layer of security. The encrypted email service Hushmail uses OpenPGP encryption along with TLS to secure their customers’ emails and web forms with several layers of protection.

3. Encryption is difficult to use

Encryption might sound complicated, but that doesn’t mean it’s difficult to use – quite the contrary. When businesses first started offering encryption options for consumers several decades ago, it wasn’t very user-friendly and, understandably, practitioners were hesitant to use an email service that could slow down or even obstruct communication.

Today, that’s all changed. You’re most likely using TLS encryption in your daily encounters on the internet. If you see https and a locked padlock icon next to the URL in your web browser, this means TLS is at work. As we mentioned, if you’re using an encrypted email service that uses OpenPGP, encryption needs to be enabled, but even this is usually worked into the email service, so it’s just noticeable enough to assure you that your messages are secure.

Hushmail, for example, automatically encrypts messages by default between Hushmail users, and requires a one-time password generation from anyone without a Hushmail account. Encryption is now so easy to implement, there’s no longer any reason to be concerned about disruption to your workflow or inconvenience to your clients.

4. Encryption is expensive

Not at all. Many encrypted email services offer an account for a low monthly subscription or even free. If you’re looking for a HIPAA-compliant service, you’ll want to find one that provides a BAA. This signed document places the responsibility for your emails’ HIPAA compliance on the email service, which is important in case you ever encounter a HIPAA audit. You’ll likely pay a monthly subscription for accounts that offer a BAA, but usually it’s quite affordable and may come with extra features such as encrypted web forms or e-signatures that make the monthly payment well worth it.

Now that you’ve read through this post, you know more than most about encryption and are ready to look for an encrypted email and web form service that will take your practice to the next level of security.

Remember, all encrypted communication services are different. The one you choose will depend on the level of security you want and extra features such as a BAA, email archive, and web forms. We also suggest you find one with an excellent reputation for reliable, personal customer service.

If you’d like to take a deeper dive into encryption and how it works, here are a few helpful posts.

Encryption is a lot like a cryptogram, only better
6 essential checks to ensure your encrypted email is HIPAA compliant
Understanding your Hushmail encryption options

This guest blog was provided by Hushmail

About Hushmail: Hushmail has been providing encrypted email services since 1999. Its Hushmail for Healthcare account was specially developed to cater to the communication needs of healthcare professionals. This account includes secure mail encrypted with TLS and OpenPGP encryption, encrypted web forms, a signed BAA, and other features that are included to make your life easier and more secure. Visit Hushmail for Healthcare and try out an account for 60 days, risk free.

About Author: Anabeli has been with Hushmail since 2014 and has over 20 years of marketing and communications experience in various industries, with a special interest in online marketing. Anabeli has a B.A. in Communications Sciences and an MBA with a specialization in marketing. Originally from Mexico, she lived in the U.K. before moving to Vancouver in 2010 and becoming a Canadian citizen. She is fluent in Spanish and English and spends her time outside of Hushmail enjoying her one-year-old daughter and the Vancouver outdoors with her family.
