Ensuring IT compliance with email encryption
Email encryption is the practice of encrypting (disguising) the content of emails to protect sensitive information from being read by anyone other than the intended recipients. Email encryption is a great idea for regulated industries, and in some cases it is either mandatory or strongly advised, as in health care, the legal profession, and financial institutions. Other businesses that have to adhere to IT compliance protocols and IT auditing should also consider using email encryption to protect themselves and their clients against data security threats and breaches.
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, and it has brought the topic of email encryption to the forefront for the health care industry. The mandate to encrypt email, however, does not apply to ALL email in a health care setting. If you are sending emails from one co-worker to another on a secure server, for example, HIPAA does not require you to encrypt that inter-agency communication. That assumes the server is protected from external threats and managed effectively with updated security patches. However, many health care firms are getting into the habit of encrypting across the board to avoid any gray areas.