HIPAA Compliant Email

[casey2011]

What is everyone using to make sure they are sending HIPAA complaint email? I looked into Luxsci. I was wondering if anyone has any recommendations. Thanks!

[Jay]

I tried to get people interested in this solution which is not perfect but works...but the idea does not seem to have too many takers.
viewtopic.php?f=1&t=4426&p=18897&hilit=pdf+postman
You could still implement outside OD and it works well for us when we need it.
Unfortunately this topic just does not seem to be a priority on too many people's list.

[gthiele]

I subscribe to Reality and they recommended this service. Here's what they wrote:

"Are you complying with HIPAA privacy rules when you communicate with your patients or with labs and specialists about your patients via email? The answer is a resounding no if you are using popular programs such as Outlook and Gmail. However, we found a service that solves the problem, is easy to use, and is incredibly affordable. Check out http://mdofficemail.com if you need a HIPAA-compliant email service for your practice."

[jsalmon]

We are in the process of building encrypted email into Open Dental. It will be mainly used for comm between providers because patients won't want to go through the trouble of installing public and private keys. Therefore provider to patient communication will be handled through our patient portal that we are working on right now as well.

[MKM]

Jason
Encrypted email into Open Dental would be awesome! Would we be able to attach images to it also and woud the images be encrypted? How would this work with receiving PHI from another office?
Right now we use a program called EDOSSEA which has worked really well for us, $50 a month, we send electronic communications totally secure and other providers can go to our website, click on a link and send us files securely.
But if we could send and receive encrypted emails with attachments right from Open Dental that would be great!!

[Jay]

Jason
Encrypted email into Open Dental would be awesome! Would we be able to attach images to it also and woud the images be encrypted? How would this work with receiving PHI from another office?
Right now we use a program called EDOSSEA which has worked really well for us, $50 a month, we send electronic communications totally secure and other providers can go to our website, click on a link and send us files securely.
But if we could send and receive encrypted emails with attachments right from Open Dental that would be great!!

Hi Mary, did you look at http://mdofficemail.com/ when you picked EDOSSEA? Wonder how they stack up?

[MKM]

No, I didn't look at MD Office Mail. We started using edossea over a year ago, and it has worked so well for us I haven't looked elsewhere. $50 a montyh, and other providers can upload right from my website. It has been great. But will definately take a look at MD Office Mail too.

[sam-I-am]

I've been using MDoffice mail for awhile now. Inexpensive, has worked well for communications to both patients and other offices

[mowgli]

Open Dental feature request 2211 states in the detail section, "By 2014, there will be a government mandated secure email format for communication between physicians." Tried searching for further detail on this and not finding it. Does anyone know what that statement is based upon and where further info can be found?

[Arna]

That statement is based on Medicaid's Electronic Health Record Initiative. Open Dental is EHR certified http://www.opendental.com/manual/ehrlicense.html and meets to standards set forth by CMS. One of those standards is secure email format for communication between physicians.

[mowgli]

Yes, I understand exactly why "secure email format" is required. But the statement quoted says, "a government mandated secure email format." This makes it sound like there will be one particular format mandated by government. Frankly, such a requirement sounds a bit too precise for federal law, so maybe I'm misunderstanding it. If all it means is that the email must be secure, there are various ways to accomplish that end.

[jordansparks]

The mandated format is called "Direct". It's a specific DNS technology for finding public and private keys associated with email addresses. We have finished building it.

[Justin Shafer]

Time to read!

[Hersheydmd]

The mandated format is called "Direct". It's a specific DNS technology for finding public and private keys associated with email addresses. We have finished building it.

In what version will it be added? Do you need offices to beta test? I volunteer.

[MKM]

I volunteer too!

Mary Kay Milewski
Medina Family Dentistry
Medina, Ohio

[B.Thomas]

What is the latest status on encrypted email? Is it in version 13.3? Can't wait to try it.

[jordansparks]

I think it's only in 14.1, which will probably be released in about a week.

[babysilvertooth]

Hoping for some help: Does this mean I can hold off pulling the trigger on signing up for another service? I am hoping I can email referral slips and xrays as encrypted right from OD....does this work even if I don't have the EHR package?

[Nate]

Any update to how encrypted email will function in open dental?

[jsalmon]

It's referred to as Direct Messaging in our manual:
http://www.opendental.com/manual/directstandard.html
http://www.opendental.com/manual/version14_1.html

I think it's still a popular feature request if you want your average Joe Schmo "encrypted email". The kind you send to every day email addresses (aka patients). Direct is geared more towards provider to provider (EHR to EHR) communications. To securely send messages to your patients, we provided a patient portal.
http://www.opendental.com/manual/patientportal.html

[Hersheydmd]

This won't work directly from OD, but I recently began using SENDINC (sendinc.com). They have an Outlook add-on, which has been working great for me. I started using it to communicate with my accountant and several specialists. It is very easy for the receiver to quickly set up an account and password so they can continue receiving encrypted email from you.
They have three very reasonable plans: Free (limited message size, storage & retention), $5/month for one user, $25/month for five or more users. It is also simple enough to use with a patient if you are sending them PHI.

[moabite]

no one paying for Google Apps?

https://support.google.com/a/answer/3407054?hl=en

[B.Thomas]

no one paying for Google Apps?

https://support.google.com/a/answer/3407054?hl=en

From what I understand both Google Apps and MS Office 365 will make sending from our office and the transmission of the email secure. The problem is there is no guarantee the recipient's email is secure. So I think the only options are to upload the patient info to a secure file server where the recipient has to enter a password to open it, or something like what open dental is doing by securing both ends of the email. It's just that the other dental software programs are not as up to date or as cool as Open Dental

[irfan]

Google apps is pricey, same with 365. I dont think its a rule to have secure 2 way communication... but you do need to be secure on your own end.

[Hersheydmd]

Google apps is pricey, same with 365. I dont think its a rule to have secure 2 way communication... but you do need to be secure on your own end.

I'd worry about Google data mining my emails.
365 isn't that expensive when you consider you are also receiving licenses for 5 copies of MS OFFICE 2013 suite.
As I mentioned previously, I'm using Sendinc (www.sendinc.com) with Outlook. Recipient must register and set up a password, which is the only way you will get true encryption on both ends.
It's very inexpensive and easy to use for both the sender and the recipient.

[moabite]

hm - well there's always Snapchat right? they read it and poof it's gone - that's gotta be HIPAA compliant!

[dwnelson]

I would like to set up a secure email option for communicating between providers. I am a specialist and I deal with several referring offices, with varying kinds of email setups and practice management software.

I like the concept of encryption through Open Dental, to keep things simple on my end and to do everything through Open Dental so all communication is in the patient's Open Dental chart. However, will each referring office have to go through the process of setting up Direct?

It appears so.

"Direct messaging: Requires that a public certificate is hosted in DNS and can be found using the domain part of the recipient's e-mail address. It is specifically used in EHR for provider to provider communication (e.g. sending/receiving Summaries of Care). Both sender and recipient must be using a certified EHR software that supports Direct." (from http://www.opendental.com/manual/encryptedemail.html)

Most offices I communicate with have simple email like Gmail or Outlook, and their office staff aren't particularly tech savvy. Most offices I communicate with don't have Open Dental, and I do not know if their practice management software is compatible with the Direct standard.

[referralpad]

How does the group feel about a Hipaa Compliant secure platform that allows referrals between providers
within the "network"? All communications would flow within this platform allowing a "one stop shop"
location for all referral management. Anyone interested in participating in a Beta Test?

[StevenB]

How does the group feel about a Hipaa Compliant secure platform that allows referrals between providers
within the "network"? All communications would flow within this platform allowing a "one stop shop"
location for all referral management. Anyone interested in participating in a Beta Test?

Was just talking to support earlier regarding this. I don't like that even the regular emails that go out can not be located anywhere to resend (just are visualized in chart) and must be redone if the receiver did not receive them. Would be nice to have a return receipt too, or show up in the sent folder in your email program such as Outlook or Google.

I like this platform idea and have been thinking of something similar - keep me updated, as I do not regularly view this forum.

Steven Bloom
drbloom@bwfamilydentistry.com

[B.Thomas]

I started using Virtru for sending encrypted email. It is pretty cheap at only $2.00 per month per user. A couple of offices that are technologically "challenged" have troubles following the instructions, but most figure it out quickly.

[jsalmon]

As of Open Dental v15.1, we implemented the popular feature request #2211 for Standard Encrypted E-mail
http://www.opendental.com/manual/encryptedstandard.html

[Hersheydmd]

I started using Virtru for sending encrypted email. It is pretty cheap at only $2.00 per month per user. A couple of offices that are technologically "challenged" have troubles following the instructions, but most figure it out quickly.

I am using one called Sendinc. Looks very similar to Virtru except it is $5/month and Virtru limits message size (including attachments) to 25MB, Sendinc to 100MB, which means you can even e-mail a Cone Beam which would normally be too large to send by regular e-mail.

[Jay]

@HersheyDMD and anyone else: Did you consider OD's own encrypted email? I am wondering if there is a reason you picked a third party service over the built in feature.

[Hersheydmd]

@HersheyDMD and anyone else: Did you consider OD's own encrypted email? I am wondering if there is a reason you picked a third party service over the built in feature.

Maybe it's just being used to something and resistant to change, but I find the built in version cumbersome.
I am so used to using Outlook for e-mail it is difficult to change. Outlook is easy to search and easy to sort and I can set up any number of folders for different categories. I use it with several different e-mail accounts (gmail & aol) and it gives me one place to organize all my e-mails.
Sendinc.com has a very good Outlook add-in. When I send a secure e-mail a copy is stored in an Outlook "Sent Secure" folder. Incoming secure emails come right into my inbox and I only have to enter my Sendinc password once per session to decrypt them. I can send e-mails up to 100 MB right from Outlook (required a minor registry setting).
The nice thing about Sendinc is that once a recipient registers and sets up a password, they don't have to register again or re-verify their address. All they have to do is enter their password to decrypt the e-mail.
I occasionally receive e-mails from Virtru. They require you to click a link every time which opens a webpage. In the webpage you have to click a link that sends you an e-mail. You have to wait for the e-mail and then click the link e-mail to confirm that it is your e-mail. You can then open the secure message. I prefer Sendinc.com. It is simpler.
Also, only a small percentage of my e-mails need to be saved in a patient record, so I don't see any reason to clog up my OD database with so many e-mails that I don't need to save.

[Jay]

Maybe it's just being used to something and resistant to change, but I find the built in version cumbersome.

To be honest it sounds complicated to me as well but maybe they're really sticking to government regulations.

The nice thing about Sendinc is that once a recipient registers and sets up a password, they don't have to register again or re-verify their address. All they have to do is enter their password to decrypt the e-mail.
I occasionally receive e-mails from Virtru. They require you to click a link every time which opens a webpage. In the webpage you have to click a link that sends you an e-mail. You have to wait for the e-mail and then click the link e-mail to confirm that it is your e-mail. You can then open the secure message. I prefer Sendinc.com. It is simpler.

It does sound great. What I wonder is how all these different companies using completely different workflows, all still manage to be compliant. I mean, why wouldn't every single one of them choose the easiest process if it is valid.

[bcpayne]

Holy Grail for HIPAA email and fax!

I have avoided using HIPAA email solutions because I like the easy built in email set up in OD. We avoided sending any PHI but still want to seal up any possible cracks. I was looking at mdofficemail and found that not only do they allow an SSL email connection (hipaa compliant) from OD, but they also have an integrated E fax option as well. When you send an email from OD, mdofficemail then ecrypts it and keeps it on the server and the recipient gets an email with a link to the message. Then they do have to choose a password for future access. Another awesome option is to include "::" in the subject line which causes the email to be sent plain text as a regular email.

I can hardly believe that I finally found the perfect setup for hipaa compliant communications with OD. Granted, I haven't used it for long yet, but it has worked perfectly so far.

Bonus: it is cheap compared to PBHS which ADA is endorsing (which is much less functional and has no fax option).

I have no affiliation with mdofficemail, other than being a new customer. However I think everyone should use it, unless you want to install a bunch of certificates for the OD secure mail option. I didn't try that but I can't imagine trying to set this up with all of my referral offices.

[Cheryl Stern]

Why does the ADA endorse PBHS when it has on its website (for member use only) a:
An authorization form for a patient to use to consent to unencrypted email (must be a stand-alone document) (DOCX).

This form can be located at: http://www.ada.org; Home; Member Center; Member Benefits; Legal Resources; Publications & Articles; HIPAA and Data Security; Emailing Patient Information: A Resource for Dental Practices.

Would someone be able to explain to me why I cannot say to a patient "Please review and sign this consent form so I may send your x-rays to the referring doctor so he may treat your tooth. If you prefer I do not email it I can send it through snail mail and they will get it in a few days." I inform patients that I am not sending any health information that they would not want disclosed, (such as medical conditions) but I am including protected information such as their name.

I have been told on other websites that patients do not have the legal ability to allow unencrypted emails with their information to go to other dentists.
Your solution sounds very useful though. What does it cost?

[Hersheydmd]

Holy Grail for HIPAA email and fax!

I have avoided using HIPAA email solutions because I like the easy built in email set up in OD. We avoided sending any PHI but still want to seal up any possible cracks. I was looking at mdofficemail and found that not only do they allow an SSL email connection (hipaa compliant) from OD, but they also have an integrated E fax option as well. When you send an email from OD, mdofficemail then ecrypts it and keeps it on the server and the recipient gets an email with a link to the message. Then they do have to choose a password for future access. Another awesome option is to include "::" in the subject line which causes the email to be sent plain text as a regular email.

I can hardly believe that I finally found the perfect setup for hipaa compliant communications with OD. Granted, I haven't used it for long yet, but it has worked perfectly so far.

Bonus: it is cheap compared to PBHS which ADA is endorsing (which is much less functional and has no fax option).

I have no affiliation with mdofficemail, other than being a new customer. However I think everyone should use it, unless you want to install a bunch of certificates for the OD secure mail option. I didn't try that but I can't imagine trying to set this up with all of my referral offices.

NICE Dr. Payne.
MDOfficeMail looks like another nice solution.
Your post prompted me to see if I could set up Sendinc to work from within OpenDental. And YES, because OD is so flexible & customizable I was able to.
You can set up OD to send secure e-mail through your sendinc.com account so you don't have to use their web-browser interface. All you need to do is

1. go to the Edit Email Address window.
2. Username should be the e-mail address you registered with Sendinc.
3. Password should be your Sendinc.com account password not your e-mail account password.
4. The outgoing smtp server is smtp.sendinc.net
5. Set your outgoing port = 465
6. E-mail address of sender should be the same as your Username

With a $48/year account you get 10GB of message storage & up to 100 message recipients per day. You can also send e-mails with attachments up to 100MB of data - enough to send large cone beam or digital impression files.
I also have no affiliation with Sendinc.

[Jorgebon]

How do you switch between your regular e-mail and Sendinc when sending e-mail from OD?

[bcpayne]

I looked for that and could not find a way to switch "on the fly". Looks to me that you have to change the default in the email setup to change it each time.
That is why it is nice to use mdofficemail, because you can just include "::" in the subject line and it gets sent unencrypted as a regular email.

[KevinRossen]

How do you switch between your regular e-mail and Sendinc when sending e-mail from OD?

Open added the ability to have multiple email account setup. I know this is in version 15.4 (beta still, but it's incredibly stable at this point), but I'm not sure if it's in 15.3 or 15.2. It looks like the easiest way to switch sending accounts on the fly would be to setup signature/autographs that designate the "from" email. It looks like when you do this you can insert a signature to the email, which will set the from email to the associated account. That seems like it would be the least amount of clicks to change the emails.

I haven't tested this theory yet. I'm going to test it with Sendinc. This seems like a great solution that is easy to use from both the dental office and the recipient.

[KevinRossen]

I just signed up for Sendinc today based on suggestions above and I can tell you it's incredibly easy to use. I have no affiliation with them and I've been using their service for about 12 hours, so don't take this as the final word, but my initial results are very promising. For just $5/mo or $48/yr you get encrypted email sending that's as easy to setup in Open Dental as any other email. The price gives you 200 recipients per day, so it's not ideal if you're sending more than that. The recipient gets a notice that they've received a secure email message with a link to click. The first time they use it they'll need to create a password, which is incredibly simple to do. We used it to send notes to a specialist and they were easily able to access the message.

All you have to do is enter SMTP settings as mentioned above on the email account and you're ready to go. It seem MUCH easier than the built in encrypted email option within Open Dental. I'll report back after we've used it a bit longer to give a full review.

[KevinRossen]

It's been a week since we started using SendInc and still very happy. The only thing I need to work out is more easily switching between secure email and regular email. I haven't been able to figure that out yet.

[Rickliftig]

As of this month, the Office of Civil Rights has clarified and simplified some of the HIPAA communications rules allowing for *a little* more common sense (but no that much). Check it out on http://www.hhs.gov/hipaa/for-profession ... leasedfaqs also http://www.ada.org/en/publications/ada- ... cure-email

Rick

[Hersheydmd]

It's been a week since we started using SendInc and still very happy. The only thing I need to work out is more easily switching between secure email and regular email. I haven't been able to figure that out yet.

I agree with Kevin, it's very easy to use.
In addition, I created an e-mail template that we insert into every e-mail. The subject line reads:

• XDoubleClickThenEnterSubjectHereX (This e-mail is encrypted for HIPAA compliance)

It reminds us to double click & enter the Subject. Every subject is followed by "(This e-mail is encrypted for HIPAA compliance) "
We use this for every e-mail we send now for patients and referrals from Open Dental.

The other nice feature is that Sendinc has an MS Outlook Add-In that works beautifully with Outlook.

[Justin Shafer]

Office 365 is what I have decided on lately... Since Virtru has changed their pricing structure. That and I am tired of people changing website hosts, and changing their mail servers... over and over again.

No more!!!

[drsomaiya]

It's been a week since we started using SendInc and still very happy. The only thing I need to work out is more easily switching between secure email and regular email. I haven't been able to figure that out yet.

Kevin,

Were you able to figure out how ti switch between secure and insecure email ?

Thanks!
Nimisha

[DavidWolf]

Are you talking about emailing to your patients or emailing referral information to other offices? If you are talking about emailing referral information to other offices. I have developed a plug-in that allows you to easily create referrals and send them in a secure portal called DentalCareLinks. We are currently looking for BETA testers. If you are interested you can email me at david@dentalcarelinks.com and I will set you up. Anyone that BETA test will receive a full year premium subscription for free it is a $500 value.

you can check it out at www.dentalcarelinks.com

[rhaber123]

I just signed up for Sendinc today based on suggestions above and I can tell you it's incredibly easy to use. I have no affiliation with them and I've been using their service for about 12 hours, so don't take this as the final word, but my initial results are very promising. For just $5/mo or $48/yr you get encrypted email sending that's as easy to setup in Open Dental as any other email.

http://www.sendinc.com
VERY EASY TO USE. THANK YOU

[KevinRossen]

Were you able to figure out how ti switch between secure and insecure email ?
Nimisha

No, but I am ok with with. Most of what we send from within Open Dental will have some form of PHI included, so it should be encrypted anyway.

[DavidWolf]

DentalCareLinks has completed a plugin for sending patient referrals from within Open Dental. The plugin is currently free to use and comes with a free 1 year premium subscription for OD users who want to try it out. Here is a very poor quality video that I made to demonstrate how it works.


https://dentalcarelinks.wistia.com/medias/x3kx47tm5x

If you would like to try it no risk, no cost, nothing to lose, email me.

david@davidwolfdds.com
www.dentalcarelinks.com