I won’t keep you in suspense. A free Gmail address is NOT HIPAA compliant. Google does not sign a Business Associate Agreement (BAA) for free consumer Gmail accounts, and without a BAA the service cannot be used to hold protected health information (PHI).
“But I don’t send patient information via email, ever.”
That’s a good start, and you should never send protected health information (PHI) via unencrypted email (transmitting PHI in the clear is a Security Rule violation). But not sending PHI out does not stop you from receiving it.
If a patient sends PHI to you by email, even without your permission, that creates a problem for you: the information now sits in an unsecured inbox. Deleting the message does not fix it, because the message can remain in your Trash folder or still be recoverable.
You can never guarantee that PHI will not land in your inbox. But you can protect yourself from a HIPAA dilemma by using an inbox that is set up to hold it.
So How Do I Make My Email HIPAA Compliant?
Unfortunately, it’s impossible to make a free Gmail address or inbox compliant with HIPAA.
Paid email services such as Office 365 and G Suite can be made HIPAA compliant, because Microsoft and Google will sign a BAA for those plans, but they are not compliant out of the box: you still have to execute the BAA and configure the service (encrypted sending, access controls, retention and audit logging) before PHI can be handled in it.
We are now offering a HIPAA-compliant email service, including complete setup and encrypted sending.
So if you’d like to protect yourself from a potential violation, contact us today for more information.