how to make email HIPAA compliant

For companies in the healthcare industry, ensuring that the email communication being used within your organization is HIPAA compliant is absolutely essential to the protection and confidentiality of patient healthcare information.

Not to mention, HIPAA compliant email is required by law for all healthcare organizations, including healthcare providers as well as insurance companies.

But, just what is HIPAA and how can you make sure that your email is HIPAA compliant? These are the questions addressed in this article.

In addition, this post also provides step-by-step instructions to make your email HIPAA compliant using Microsoft 365 Outlook email.

Prefer to skip ahead and get right to it?

After this is done, jump to these steps to add the HIPAA compliant email Add-In and complete your HIPAA compliant email set up. Or, simply call (480) 624-2500 and we’ll help you get set up after signing up for the Microsoft 365 Business Professional email package.

wildcard ssl certificate
Need a domain for a new email address that needs to be HIPAA compliant?

Start here with the you want:

What is HIPAA?

HIPAA, or The Health Insurance Portability and Accountability Act of 1996, is a federal US healthcare law that establishes national standards and requirements to protect sensitive patient personal health information from being disclosed to anyone without their knowledge or consent.

These requirements set standards for the use and disclosure of sensitive patient health information, but also for the strict safeguarding of personally identifiable information by companies in the healthcare and health insurance industries.

What is the HIPAA Privacy Rule?

The HIPAA Privacy Rule and HIPAA Security Rule requires for covered entities, such as medical practices, to obtain written assurances that their business and/or associates will safeguard electronic Protected Health Information (PHI) appropriately. If a medical practice, hospital or other healthcare related business does not comply with the rules, the result may transpire in civil and/or criminal penalties.

What is HIPAA compliant email?

HIPAA compliant email is email that adheres to The HIPAA Privacy Rule and HIPAA Security Rule requirements by using end-to-end encryption in order to properly protect personal health information, or PHI, that is transmitted electronically.

How do I make my email HIPAA compliant?

  1. To ensure that your email is HIPAA compliant, you will need to use an email service that offers and meets the security requirements outlined by HIPAA standards. We recommend signing up for a Business Premium email account subscription with Microsoft 365. This allows for the purchase and use of HIPAA compliant email as an add-on. A benefit to this option is that if you have multiple employees and staff email accounts on the same Business Premium plan, there is no need for those email accounts to have separate Business Premium subscriptions for their email to be HIPAA compliant.
  2. After your email account has been activated, you will next need to set up your HIPAA compliant email.
  3. Electronically sign the Microsoft 365 HIPAA Business Associate Agreement (BAA). This is the last step in ensuring that all the emails set up for your organization under the Business Premium email subscription plan are automatically HIPAA compliant.

How does Microsoft 365 email meet HIPAA compliance requirements?

Microsoft has added safeguards that are required by HIPAA for various Microsoft 365 services. These safeguards are in place for services including Office Online, Exchange Online, in addition to SharePoint Online and OneDrive for Business. View more on Microsoft and HIPAA and the HITECH Act.

When using Microsoft 365 Business Premium, an optional privacy and security contractual supplement called a HIPAA business associate agreement (or BAA) is also offered in effort to assist Microsoft 365 customers meet requirements for HIPAA compliant email.

Okay, so now that we have that covered, this following section goes into more detailed steps on how to make your email HIPAA compliant.

Note: These steps assume you have already signed up for a Microsoft 365 Business Premium email subscription plan with GoDaddy. If you have not already done so, you may sign up for a subscription here.

How do I make my email HIPAA compliant?

Time needed: 5 minutes

How to make your email HIPAA compliant

  1. Sign into your Microsoft 365 email account.

    Using your Microsoft 365 email address and password, start by signing into your account from the Office 365 sign in 365 sign in page

  2. Select Add-Ins.

    Once logged into your Microsoft 365 account, you will then be able to access your Email & Office dashboard. Click on the menu icon in the top left and select Add-Ins from the drop down that displays.
    microsoft 365 add ins

  3. Add the HIPAA compliant email Add-In.

    After selecting Add-Ins, you will be shown different Add-In options to choose from. You’re looking for the HIPAA compliant email Add-In option. Next to HIPAA compliant email, choose Get started.steps to make email HIPPA compliant

  4. Agree to the Microsoft 365 HIPAA Business Associate Agreement.

    After selecting Get Started, you will then be presented with a checkbox that states, I agree to the Microsoft 365 HIPAA Business Associate Agreement. Go ahead and select the checkbox to agree to the BAA.Microsoft 365 HIPAA Business Associate Agreement (BAA)

  5. Enter your contact details.

    After agreeing to the Business Associate Agreement (BAA), you will then be asked to enter your contact details. Go ahead and add in your contact details as Microsoft will require these so that they can contact all customers in the highly unlikely instance of a data breach.hipaa compliant email business associate agreement

  6. Accept & Send.

    After adding in contact details, the last step is to go ahead and choose to Accept & Send. And that’s it. After completing this step, the email accounts you create under the current email plan will now automatically be HIPAA compliant.buying a domain backorder

If you followed these steps, you’re all set. Congratulations!

However, if you got stuck anywhere along the way or have additional questions, not to worry. We want to answer your questions and are here to help you get set up correctly.

So, take a moment to review the following FAQ’s and feel free to get in touch if you need to.

Additional questions about HIPAA email compliance?

How do I get started with HIPAA compliant email?

To get started with HIPAA compliant email, the first step is to sign up for a Microsoft 365 Business Premium plan. After you sign up for an email account with Business Premium, you can then purchase HIPAA compliant email as an add-on. Any other email accounts that are on the same plan do not need to have their own Business Premium account in order to be in compliance.

After you’ve purchased and set up your Microsoft 365 email, you may then complete the activation of your HIPAA compliant email.

After activating HIPAA compliant email, will my email work differently?

No, there is no noticeable difference after activating your HIPAA compliant email. Everything about your email will still function and work the same as before. The only difference now is that the necessary security features are at work behind the scenes.

What if my organization has multiple employees who need compliant email?

No problem. In fact, this is quite often the case. Your healthcare organization only needs one Business Premium email subscription to make all other email address accounts compliant. The account holder of the Business Premium subscription will usually belong to an administrator.

There is no need to buy a Business Premium subscription for every person who needs an email address. As long as every email that needs to be compliant is added under the Business Premium subscription, all email address accounts will be HIPAA compliant.

Does having a BAA automatically make my organization compliant with HIPAA and the HITECH Act?

The short answer is, no, not automatically. With a business associate agreement, or BAA, this helps your organization become one step closer to becoming compliant. Having HIPAA compliant email is only one requirement to being HIPAA compliant, but there are several other requirements that organizations must adhere to in order to be in complete compliance.

How can I ensure that my organization stays in compliance?

Regulations and requirements can often change in a very short amount of time. For this reason, it is recommended to use Microsoft Compliance Manager in order to stay up to date on the status of your organization’s email compliance.

With Microsoft 365 Business Premium, users have access to Microsoft Compliance Manager from the Email & Office dashboard. Compliance Manager is a useful tool that shows your organization’s current compliance score, as well as help you identify what needs attention. Compliance Manager will even guide you on key actions that may help improve your score.

See how Compliance Manager can help simplify the way your organization manages compliance in this short video.

What if I have other questions or prefer help with set up?

Our support guides are ready to help. If you have any questions or even want us to help you with the setup of your email, expert guides can be reached by calling (480) 624-2500 to offer the assistance you need 24/7.

You can also visit our Microsoft 365 Help Center for additional articles and instruction related to Office 365 email.

Ready to get started? Then get:

GoDaddy Microsoft 365 Business Premium

$11.99 / per month

Office 365 on 5 devices, web apps & Professional email.

  • Office 365 installed on up to five devices
  • Office 365 (online only) web-apps
  • 1 TB online Storage
  • Unlimited online meetings & HD video conferencing
  • Business apps – Make your small business run better and more efficient.
  • Professional email using your domain name
  • 50 GB of Storage for email, contacts and calendar
  • Sync across all devices
  • Shared online calendars
  • Up to 400 email aliases

The Business Premium plan includes all the features available with the Online Essentials plan, but in addition, you also have the ability to download the Office suite of apps directly to your desktop or laptop computer. You can install Office on up to 5 devices, including computers (PC or Mac), tablets, or smartphones per user.

godaddy customer service
microsoft 365 office suite

View all Microsoft 365 from GoDaddy plans

Microsoft 365 Business Premium FAQ

How much does Microsoft 365 Business Premium cost?

The price for Microsoft 365 Business Premium is $11.99/month. This is the cost per user with the option for monthly or annual billing.

What’s included with Business Premium?

Business Premium is top-of-the-line when it comes to Microsoft 365 plans. With this plan, you get access to the suite of Microsoft Office apps to use on your devices and online. You can install Office on up to 5 computers (PC or Mac), as well as smartphones and tablet. You also get a professional email address using your domain name to use for your business, along with 1 TB of OneDrive storage.

What if I don’t need Microsoft Office and only need an email address?

If you don’t need Microsoft Office apps for your business, but still want to use Microsoft 365 email, we recommended purchasing Microsoft 365 Email Essentials or Email Plus instead. Both plans give you the ability to set up a professional email address using your domain name, but don’t come with Microsoft Office apps included. The only difference is that you have a higher email storage limit on one plan over the other. You can think of these as “email-only” plans.

How many user accounts do I need to buy?

When purchasing Microsoft 365 Business Premium, you can add more users based on the number of people who need Microsoft Office with their own email address. For example, if you have a business with four employees who all need to use Microsoft Office apps, plus yourself, you would need to buy a total of five user accounts for everyone to have their own dedicated access to Microsoft Office to use on their computers or devices. The number of user accounts can always be increased or decreased at any time.

Do I get to use Microsoft Office apps with this plan?

Yes, with Microsoft 365 Business Premium, you can use Microsoft Office on the web (online-versions) or install the programs and apps directly on your devices to use. Included are apps such as Word, Excel, PowerPoint, and Teams.

Where can I compare Microsoft 365 email plans?

Along with our main Microsoft 365 from GoDaddy signup page, you may also view this resource for a comparison of Microsoft 365 email plans. The plan comparison chart within this article can also help you compare plans.

How is GoDaddy involved with Microsoft 365?

View more information here on GoDaddy’s involvement.

What if I’m still unsure what I need?

Not a problem, we’d be glad to help. Get in touch with our sales team, and we’ll be happy to help you determine the best plan for you. We can even help you get set up.

godaddy customer service
microsoft 365 office suite

Leave a Reply

You must be logged in to post a comment.