Frequently Asked Questions on HIPAA
What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act, passed in 1996. The law regulates a number of healthcare areas, including the privacy of patient information and the security of information systems used by healthcare organizations under U.S. jurisdiction. The individuals and organizations regulated by HIPAA are all healthcare providers, health plans and healthcare clearinghouses.
Concerning digital communications, HIPAA's most important requirement is that healthcare organizations must implement "appropriate administrative, technical and physical safeguards to protect the privacy of patient information".
What's Protected Health Information or PHI?
Protected Health Information (PHI) is defined as "any information which identifies or could be used to identify an individual and has anything to do with past, present or future physical or mental health conditions, care or payment for care".
What does HIPAA say about email?
The requirement to protect the privacy of PHI extends to electronic transmission of PHI between two parties, such as an email message or a file accessible to both parties. The law requires the individuals and organizations it regulates to assess the risks of using email, both internally and externally, and to take steps to reduce or eliminate those risks. The risks include unauthorized interception of messages in transit and receipt of messages by unauthorized persons.
How do I protect email transmission and storage of PHI?
HIPAA regulations are specific about the end result required if a covered entity uses email: health information sent by electronic means must be protected against unauthorized access. However, these regulations do not name a particular technology, so a wide range of options is available, including diverse types of encryption services. Co-Mail is the perfect solution as it:
Ensures privacy for both sender and recipient when Co-Mail is used for messaging
Secures the content of messages against unauthorized interception or receipt by unauthorized persons
Works universally with all individuals and entities communicating through Co-Mail
Ensures delivery to the intended person and that sent messages are not altered
Is inexpensive, easy to deploy (15 minutes to set up a virtual mail server with a chosen domain) and easy to use (all administrative operations remain in the hands of the entity)
Is scalable as your business grows and its needs for digital communications expand.
Co-Mail encryption-based secure collaboration provides all of these benefits at a reasonable price.
Is encryption technology compliant with HIPAA when using email?
The regulations under HIPAA do not state that email encryption is mandatory, but they do specify that encryption is an "addressable specification" for controlling access to PHI. The strong and tested encryption algorithms used by Co-Mail put all PHI access under your control. Encryption is the most appropriate and cost-effective method, especially compared to developing and deploying your own network.
If I do business with healthcare organizations, how does HIPAA affect me?
If you represent or own a healthcare provider, health plan, or healthcare clearinghouse, you are a "Covered Entity". Covered Entities need to comply with HIPAA regulations on privacy, security, and the conduct of claims transactions. If you are not a Covered Entity but do business with a Covered Entity that involves transmission of PHI, you are probably a "Business Associate", which means a Covered Entity must provide security and privacy for PHI delivered from or to you.
What are the penalties if a covered entity or individual doesn't comply with HIPAA?
HIPAA is the first U.S. federal law to impose criminal penalties for improper use or disclosure of PHI. Criminal violations are investigated and prosecuted by the United States Department of Justice and the Federal Bureau of Investigation and can carry up to 10 years in prison and a $250,000 fine for violating the law with malice or for profit. HHS investigates civil violations, with penalties of up to $25,000 a year for any given type of violation.
What if I receive PHI through a non-secure email message to my Co-Mail account?
It depends on the situation. If you receive a sensitive message for the first time from a company or individual you do not have an established relationship with, you remain subject to the PHI requirement that "reasonable and appropriate safeguards" be applied. If you have a regular relationship with another party that communicates PHI to you or your entity, you need to ensure you have taken steps to manage it, with proper, organized security and privacy measures for email on both sides.
Is information stored at Co-Mail encrypted?
Yes, all stored messages and data are encrypted, so access is not possible without correct authentication. However, files can be stored on servers unencrypted if an authorized person chooses to do so. In that case the information should not be PHI, meaning it should be information that is not subject to HIPAA compliance.
What does NR Lab offer to organizations covered by HIPAA regulations besides Co-Mail?
Network Research Lab Ltd. offers another service that Covered Entities and Business Associates can use to protect PHI in digital communications and storage. This solution meets HIPAA security requirements and includes other features that support HIPAA compliance, including the requirements for physical safeguards, technical security services and administrative procedures. The solution is S-Mail, a secure email service for individuals with OpenPGP and SSL enabled. S-Disk, a secure storage service, is attached to and deeply integrated with both S-Mail and Co-Mail. NR Lab can develop PKI systems for corporations or medium-sized enterprises if more than 500 accounts are needed and advanced data and key management is required.
Does your product provide digital signature capabilities?
Yes, digital signature processing is supported for the purpose of message integrity within the Co-Mail system. This provides security of PHI, as well as email integration and confirmation of sender identity.
How are the products priced?
Pricing depends on the number of accounts deployed, the length of the subscription and the size quota of secure mailboxes and storage. Technical support and updates are free. Calculate your costs here.
Is it necessary to get Co-Mail accounts for all parties in digital communication?
Yes. This is a security condition based on the public key principle: both sides must use their own keys to keep private data secret. However, email recipients are often external users such as clients, remote associates or partners. Co-Mail ensures security with easy-to-operate account registration. All you need to do is sign in to the administrative interface and generate a new account within your domain. Once the account is delegated to a specific user, you can communicate securely in compliance with HIPAA. All data is transmitted and stored under full protection.