top of page

HIPAA Email compliance with Box & mxHero

An innovative, elegant and non-disruptive solution for HIPAA compliant email

In 2013 HIPAA regulations were updated to recognize third party business partners like law firms, insurance agencies or even human resource departments (in any office) as business associates with obligations to protect confidential personal health information (PHI) with as much vigor as the hospitals and doctors’ offices where the data originated. Nowadays, where there is personal health information (PHI) there is HIPAA and where there is HIPAA there are heavy fines for non-compliance reaching into the millions of dollars.

Fortunately for companies dealing with PHI, leading content management services like Box go a long way in providing what is needed to meet regulation. Box provides a secure platform with the requisite encryption, authentication and audit features.

Despite Box’s many supporting features, some important challenges remain. HIPAA covers more than just how PHI is stored and managed, the regulation includes provisions for how it is transmitted. Given that a significant amount of content is sent through unsecure email, how can an organization ensure that email communications are also adhering to the standard? One way would be to mandate that all users send PHI only as secure Box links. Easy enough, right? Not really. As any seasoned IT manager or CIO knows, asking users to change their habits, in particular how they use core technologies like email, is a Herculean task. Furthermore, even if 90% of the organization adheres to the mandate, it takes only one email with unprotected PHI to put the entire organization at risk of violation.

Highlighting the user adoption challenges of security & compliance policies

Furthermore, there are cases where ensuring compliance is cumbersome, like inbound PHI coming from clients. These will often arrive as standard attachments, but HIPAA requires that the organization secure that information. Employees need to remember to get that content into Box. Again, even in the most disciplined organizations, files will slip through the cracks and risk will accumulate.

Fortunately, easy solutions exist. One such solution is mxHero. MxHero provides transparent integration between the company’s email and their Box CCM that ensures all attachments are replaced with Box links before message delivery. Best of all, this is done without the need for end user action. MxHero automatically uploads attachments as emails are being transmitted. No software needs to be installed by end users and the technology works from every device, whether laptop or mobile phone. As a result, every attachment is stored and delivered in a HIPAA compliant manner. Best of all, no adoption is required as no changes are made to how email is used. By automating HIPAA compliant email delivery, mxHero mitigates the risks of relying on end user adoption.

Box + mxHero end-to-end encrypted delivery of PHI via email

Powerful content management technologies like Box are transforming how we work. At its core, Box is a platform, and by judicious application of the Box platform, solutions like mxHero can transform legacy technologies as venerable and ubiquitous as email, driving significant transformation yet without end user disruption. This is the future of work!

Originally posted on Medium

bottom of page