HIPAA has stringent guidelines for healthcare providers. Email is an unsecured channel for transmitting PII/PHI. However, the Privacy Rule does allow email to be used for communication between health-related professionals or patients, provided that HIPAA safeguards are applied.
Patient data or PII must be safeguarded when transmitted electronically. Therefore, in accordance with HIPAA compliance, extra security measures must be implemented when transmitting PII/PHI in Notification and AutoResponder.
To use Notification and AutoResponder with HIPAA compliance, please ensure that sensitive healthcare data is encrypted: PII and PHI fields must be encrypted on the forms.
The ‘Encrypt all’ settings are enabled by default, so your notification email shows no entry data.
Likewise, the Autoresponder is not easily enabled when all fields are encrypted.
However, when a form is a mix of encrypted and non-encrypted fields, the email notification and autoresponder will display only the non-encrypted fields’ data.