The Mail2Cloud Blog


How to easily meet HIPAA email compliance requirements by connecting email with your compliant cloud storage solution

The simple solution to sending and storing emails and files in a HIPAA-compliant manner is here, made possible by Mail2Cloud. Our email tools will meet the requirements of FERPA, HIPAA, FINRA, SEC 204.2, etc. by merging your email with cloud storage services such as Box and Google Drive, which meet compliance guidelines. These companies will also sign a BAA. As such, combined with the Mail2Cloud compliant solution, all of the following are addressed:

- HIPAA Compliant Email Archiving
- HIPAA Email Compliance
- HIPAA Email Encryption & Security

Here’s how it works: By enabling a secure transmission route for email attachments to the cloud, each sender and recipient takes advantage of the compliance features offered by either cloud storage service. Also, because of cloud sharing capabilities, the sender has even greater control over who has access to these highly sensitive files.

The following illustration will help you visualize how this process works. Notice that you’re no longer sharing files through email: those attachments are removed. Instead, they’re automatically uploaded to the cloud, and a link to access each file takes its place in the email you send.


With Mail2Cloud installed, it doesn’t matter if you’re using Google (Gmail), Outlook365 (Microsoft Office) or other email providers. Each one of your emails will be encrypted through secure TLS channels. This opens up a lot of flexibility for businesses, since Gmail, Yahoo! Mail, and Hotmail are not secure email providers. Sending any email with ePHI to individuals with Gmail accounts won’t be secure or encrypted. In this example, HIPAA compliance is not met and a violation has occurred. But having a cloud provider be the middleman keeps information secure and avoids any possibility of penalties.

Mail2Cloud emails are processed by the parent company mxHero, which is operated from Amazon Web Services, a fully compliant data center. The attachment from the first email is removed, and instead the recipient has two-step links where they can open or download the file.

Once the recipient views their email and clicks on the attachment links, they’ll receive another message taking them to the real files, securely stored in the cloud. Let’s review some of the added protections that this process puts in place:

1. Any emails that are stolen on the recipient’s end don’t have accessible attachments. Therefore a full breach of the recipient’s email account would be necessary for any of the shared files to be viewed.

2. Mis-clicks that result in the recipient passing the original email along to unknown or unauthorized individuals no longer result in any damage or breach of privacy. That’s because the links to the files are still only accessible by the individual with the email account with whom the files were shared via cloud storage.

3. There is no added authentication process on the part of the recipient because of the two-step delivery.

4. A file access timer of 24 hours is set on all shared documents, further restricting viewing or downloading capabilities of these important attachments. This timer can be changed as you see fit.
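
The attachment-to-link flow and protections 2 and 4 above, as an added Python example that is not Mail2Cloud or mxHero code. The in-memory `store`, the `storage.example` URL, the single-recipient message and the `fetch` identity check are assumptions standing in for the cloud storage provider's sharing and authentication.

```python
import secrets
from datetime import timedelta
from email.message import EmailMessage

LINK_TTL = timedelta(hours=24)           # the 24-hour access timer from the list above
BASE_URL = "https://storage.example/s/"  # placeholder URL, not a real endpoint
store = {}  # token -> (content, allowed recipient, expiry); stands in for cloud storage

def build_sample():
    """Constructed message with one attachment (sample data, not real ePHI)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "dr.lee@clinic.example", "pat@clinic.example"
    msg["Subject"] = "Lab results"
    msg.set_content("Results attached.\n")
    msg.add_attachment(b"constructed lab result", maintype="application",
                       subtype="pdf", filename="labs.pdf")
    return msg

def detach_to_links(msg, now):
    """Return a copy of msg whose attachments are replaced by recipient-bound links."""
    out = EmailMessage()
    for header in ("From", "To", "Subject"):
        out[header] = msg[header]
    body = msg.get_body(preferencelist=("plain",)).get_content().rstrip()
    links = []
    for part in msg.iter_attachments():
        token = secrets.token_urlsafe(32)  # unguessable identifier; the file never travels by mail
        store[token] = (part.get_content(), msg["To"].lower(), now + LINK_TTL)
        links.append(f"{part.get_filename()}: {BASE_URL}{token}")
    if links:
        body += "\n\nAttachments moved to cloud storage:\n" + "\n".join(links)
    out.set_content(body + "\n")
    return out

def fetch(token, authenticated_as, now):
    """Serve the file only to the account it was shared with, and only before expiry."""
    entry = store.get(token)
    if entry is None:
        raise PermissionError("unknown link")
    content, recipient, expires = entry
    if authenticated_as.lower() != recipient:
        raise PermissionError("link not shared with this account")  # forwarded mail is useless
    if now >= expires:
        raise PermissionError("link expired")
    return content
```
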

People in the healthcare industry are constantly searching for answers to confusing and highly technical HIPAA compliance email rules and regulations. What the market wants is a simple solution that, best of all, integrates with popular email and cloud storage companies that many are using today and also helps simplify email attachment management and tracking.

Our Mail2Cloud solution is secure, easy to use and doesn't require any additional software or technical training. For more information about installing our product or pricing, get in touch with us here.