The short answer is a resounding no, at least according to John Lynn, the man behind the popular EMR and HIPAA blog. In a recent post titled, Email is Not HIPAA Secure, John makes a compelling case for why email is not HIPAA secure and lays out the reasons why.
To quote from the article:
There is a way to encrypt email sent between 2 email systems, but so far a standard and mechanism for encryption between all the vast number of email providers has not been established. I won’t go into the details of why this is the case (cost of encryption, standards for encryption, etc), but suffice it to say that almost none of the email systems send encrypted email that would satisfy the HIPAA requirements.
Meeting HIPAA requirements when communicating secure patient data can be daunting task. If you’re in the business of handling medical dictation the rules are pretty clear. You need a secure method of moving both the voice files and the finished transcription documents. If you’re going to transfer those files using a computer you need to be using a HIPAA compliant method of transferring them.
My Docs Online offers a easy way of moving those files, that satisfies those complex HIPAA requirements, using our Transcription Edition. The cost is modest (beginning at less than $10 per month) and the benefits to you are numerous. For more information please check out the Transcription Edition page link above.
If you’re really interested in learning more about HIPAA there is a wonderful e-book titled The HIPAA Survival Guide (affiliate link) that is available online. The book, written by Carlos and Deborah Leyva, costs $9.95 and is is a valuable resource. You can purchase and download the book from the HITECH Survival bookstore site.