Sending Personal Health Information (PHI) via Email. Is it Secure?

SmartSender Blog

As a healthcare provider, you know that protecting your customers’ sensitive data is your number one priority. Personal Health Information (PHI) is therefore probably the last thing you would want to email to a customer.

No matter how many solutions SmartSender or other email platforms provide, email is inherently insecure.

In general, problems can occur when you try to send a large attachment or a heavy template: the chances of being blocked by spam filters are high in that case. Conversely, a small message is sent faster and is less likely to be blocked.

If you need to send PHI, we recommend that you email a call to action (CTA) asking your customers to log into your own secure web portal to retrieve the sensitive documents, rather than sending the actual data. A short note informing the customer that documents are available for review, plus a “Click to login” CTA, will be more than enough. As a result, the requirements of HIPAA (Health Insurance Portability and Accountability Act of 1996) are not triggered.
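The following is an added example, not SmartSender code: a pre-send check that enforces the "notify, don't send" pattern described above by blocking attachments, patient record values in the subject or body, and links that do not point to the portal over HTTPS. The portal host, sender address, function names and sample record are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumed values for illustration; not SmartSender settings.
PORTAL_HOST = "portal.example-clinic.test"
SENDER = "noreply@example-clinic.test"

def build_notification(to_addr):
    """Short note plus login CTA; no document content, no attachment."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = to_addr
    msg["Subject"] = "You have documents available for review"
    msg.set_content(
        "You have documents available for review.\n"
        f"Click to login: https://{PORTAL_HOST}/login\n"
    )
    return msg

def check_outbound(msg, record):
    """Return reasons to block the message; an empty list means send."""
    problems, texts = [], [str(msg["Subject"] or "")]
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            problems.append("attachment present")
        elif part.get_content_maintype() == "text":
            texts.append(part.get_content())
    # Collapse whitespace so a value wrapped across lines is still found.
    text = " ".join(" ".join(texts).split()).lower()
    for field, value in record.items():
        if str(value).lower() in text:
            problems.append(f"record field in message: {field}")
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != PORTAL_HOST:
            problems.append(f"link not to HTTPS portal: {url}")
    return problems

# Constructed sample record (not real patient data).
RECORD = {"name": "Jane Roe", "dob": "1980-02-14", "diagnosis": "type 2 diabetes"}

if __name__ == "__main__":
    print(check_outbound(build_notification("jane@example.test"), RECORD))
```

Exact substring matching only catches values copied verbatim from the record, so treat this as a backstop behind a fixed notification template rather than as PHI detection.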

On the topic of sending sensitive information, it would be fair to mention that our team has created numerous ways to send a secure email, and security is one of our highest considerations.

  • We use Amazon AWS, DigitalOcean and LeaseWeb as hosting service providers, which apply heavy cyber security measures and comply with the highest data protection standards.
  • We comply with the General Data Protection Regulation (GDPR) and Anti-Spam Legislation.
  • Systems controlling the management network at SmartSender log to our centralized logging environment to allow performance and security monitoring.
  • SmartSender’s team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure.
  • Every SmartSender service component is protected by one or more security groups, each containing sets of firewall rules that specify which type of network traffic should be delivered to that particular service.
  • SmartSender uses encryption by default to provide additional protection for your data at rest.
  • Neither our technical staff nor our customer support staff have access to the backend virtual servers, the databases, or the NAS/SAN storage systems where backup images reside.