Keeping your network secure can be challenging, but when you add HIPAA compliance and SOC regulations into the mix it can be difficult to know which tools are right for your environment.
When employees are sending messages to clients and patients, how do you ensure that the emails and data generated remain compliant? We look at some of the top HIPAA compliant software solutions for patient management.
Here is the list of the best HIPAA compliant solutions:
- Files.com EDITOR’S CHOICE A file storage, sharing, and transfer service that is HIPAA compliant. Unlike many file storage services, Files.com supplies customers with a Business Associate Agreement to enforce HIPAA compliance.
- RapidFireTools Compliance Manager Geared towards IT departments and MSPs, Compliance Manager focuses on automating compliance documentation, and proactively scanning the network to find HIPAA violations, while offering action steps to get those issues corrected.
- GFI FaxMaker An on-premises standalone tool that provides HIPAA compliant internet-based faxing.
- Sendinc A Microsoft Outlook plugin that encrypts emails, ideal for HIPAA compliance.
- Mitel HIPAA-Compliant Phone Systems Mitel’s vast network of data centers and cloud-based applications put them high up on this list.
- Doxy.me Telemedicine application that easily allows patients to schedule online appointments with their doctors.
- Tiger Connect Telemedicine application that leverages SMS to secure an encrypted connection between doctors and their patients.
- Carbonite A cloud-based backup solution that incorporates HIPAA friendly protocols to keep network shares secured and compliant.
- Paubox An email encryption service that provides automatic secure email with zero steps needed from either the sender or the recipient.
- RingRx Simple platform that offers a secure faxing, VoIP, chat, and video package for a business of any size.
- UpDox A clinically focused CRM that blends secure patient communication with access to medical records, internal communication, and payment processing.
The best HIPAA compliant software solutions
What should you look for in a HIPAA compliant system for your business?
We reviewed the market for data management systems that reinforce HIPAA compliance and analyzed tools based on the following criteria:
- A system that enforces user account requirements for data access
- Logging that identifies the user responsible for each action on data
- System security to prevent data theft
- Behavior analysis to identify account takeover or insider threats
- Controls for data movement
- A free trial or a demo package so you can fully examine the service before buying
- Value for money from a competent service that is fully compliant with HIPAA
With these selection criteria in mind, we looked for reliable systems that will provide good data management functions together with thorough logging and activity tracking functions.
1. Files.com (FREE TRIAL)
Files.com is a file management system. It provides storage space, offers an SFTP server to transfer files to other businesses, and can work as a central shared space for document collaboration.
The Files.com system is a cloud service. In terms of legal responsibility for any loss of data under HIPAA, services such as Files.com present a tricky problem. On the one hand, this is just a storage solution and file handling service – it is a tool and so is no more responsible for the data of its users than a filing cabinet or an email system would be. However, data is held on servers owned by Files.com and so, under HIPAA, the service could be held responsible for the safety of any personal information stored on its premises.
- Access controls
- Encryption in transit
- Encryption protected storage
- HIPAA-compliant BAA
- 7-day free trial
Many service providers claim that HIPAA doesn’t apply to them, thus dodging any responsibility. Unfortunately, this is a short-term fudge in order to win customers and when legal scrutiny is focused on these business relationships, everyone gets fined for non-compliance.
Files.com addresses the issue of co-responsibility for data security. Access controls are provided in the form of encrypted storage and access credentials that integrate two-factor authentication. None of the Files.com technicians are able to break into an account and access the data. So, while Files.com is responsible for the physical status of its servers, the customer still holds the reins in terms of logical access.
Similarly, data in the process of being transferred is protected by encryption and session security. The protection of connections is the responsibility of Files.com and is offered as part of the file management service. However, the decision over where files are sent is entirely the responsibility of the customer.
That shared responsibility for data confidentiality and security is spelled out in a Business Associate Agreement (BAA), which is part of the documentation set that is created when a company opens an account with Files.com. The BAA is worded and structured in full compliance with the requirements of HIPAA, the HITECH Act, and the Omnibus Rule that binds those two data protection guidelines together. Any company in the health sector that uses Files.com will need to show that BAA to a compliance officer when undergoing an audit.
- Features built-in HIPAA management tools for auditing, access control, and encryption
- Scalable solution, making it ideal for both small businesses and enterprises alike
- Allows users to create links to files that have special rules, such as expiration dates or click tracking
- Supports integrations into other cloud-based storage options such as Dropbox, Google Drive, and OneDrive
- Would like to see a longer trial period
The Files.com service is easy to use and creating an account is a straightforward process. You can try the service without obligation before fully committing by taking advantage of the Files.com 7-day free trial.
Files.com is our top choice for a HIPAA compliant solution because the cloud-based service has all of the legal problems of shared responsibility sorted out. Outsourced services create a headache when dealing with personal information in the US health sector, but Files.com has put in place all of the procedures and paperwork to pass any HIPAA compliance audit.
Get 7-day free trial: files.com/signup
OS: Cloud based SaaS
2. RapidFireTools Compliance Manager
MSPs may find maintaining HIPAA compliance on their networks a challenge. Even when following best technical practices it can be hard to produce documentation and monitor the network in real-time for any violations. To solve this problem, RapidFireTools has developed Compliance Manager.
- Automated compliance documentation.
- Real-time network scanning.
- Automatic storage of compliance reports.
- Non-compliance reports and suggested remediation.
- Easy to use interfaces across all products.
Built with network administrators in mind, Compliance Manager takes the lead by automatically generating documentation and proof that your client is maintaining compliance. In addition to documentation, Compliance Manager will scan your network and report back any non-compliance issue it discovers, along with a recommended plan of action.
In the event of an audit, Compliance Manager saves all of your documentation to one place making it easy to respond to any requests an auditor may have. As a network administrator or MSP, this tool takes the headache out of HIPAA and makes it easy to see the value for both you and your client.
- Caters to larger organizations and MSP environments
- Automatically generates proof of compliance documents
- Offers automated compliance scans paired with actionable resolution steps
- Would like to see a trial version rather than a demo
You can request a demo of Compliance Manager for free. Pricing for the HIPAA compliance module starts at $199.00 (£159.27) per month, with most additional modules starting at $79 (£63.23) per month.
RapidFireTools Compliance Manager is our top choice for a HIPAA system manager because it automates compliance documentation while it enforces security protection. Compliance Manager is a particularly useful system for managed service providers that also need to generate SLA compliance documentation. The compliance failure detection in the tool is a great guide to areas of the system that need immediate attention.
3. GFI FaxMaker
If your organization is looking for a secure modern solution to faxing, GFI FaxMaker has you covered. For years GFI has provided a number of tools to the healthcare industry, and now this extends into HIPAA compliance faxing.
- Fax confirmation and receive notifications
- Lightweight installation and requirements.
- Compatible with almost all fax modems.
- Priced competitively with similar products.
- Allows for programmable one push faxing.
- Integrates with your existing contact list
GFI FaxMaker provides your organization with a range of new options for sending and receiving PHI and other sensitive information safely and conveniently. Traditional fax machines may not be physically secured in your office, or may suffer a hardware failure that can leave your office dead in the water.
FaxMaker encapsulates fax messages and transmits them securely over the internet by integrating with your mail server. FaxMaker can automatically route faxes to a specific mailbox and you can delegate access to that mailbox based on your own security policies. With internet faxing in place you won’t have to worry about faxes sitting out in the open, or manually moving them into a secure location.
FaxMaker can integrate into an Active Directory environment and allow for pre-programmed faxing destinations. This minimizes the margin of error when sending faxes and is the preferred way of sending faxes among most healthcare organizations.
You’ll also have the option to enable send and receive receipts to let you know when your fax has arrived. This same feature can also let you know if there were any problems delivering your fax, such as a busy line or an internal connection issue.
GFI FaxMaker is available only for Windows Server 2008-2019 environments. The application is incredibly lightweight and easy to manage. The only additional piece of hardware you’ll need to get up and running is a business fax modem. A list of all compatible hardware can be found on their site.
- Modernizes faxes to be both HIPAA compliant and easier to manage digitally
- Offers access controls for specific user accounts
- Offers a wide range of security policies that are simple to implement
- Volume-based pricing discounts are available
- Focuses solely on faxing
Small businesses with 10-49 users can expect to pay $72.00 (£57.58) per user, per year for the standalone product. Larger organizations can expect to pay slightly less per user depending on size.
GFI FaxMaker is available as a free trial so you can see if internet faxing is right for your business.
4. Sendinc
Sendinc is an email encryption tool that enables you to send secure messages right from your email application. When enabled, the program automatically uses military-grade encryption to secure your email so that only the recipient can read it. This is ideal for HIPAA compliance and provides an alternative to faxing PHI between facilities. Sendinc can be deployed as an add-in for Microsoft Outlook, making it lightweight and easy for everyone in the office to use.
- 256-bit military-grade encryption.
- No installation required.
- Easy to use Outlook plugin.
Under the settings, you’ll have the option to default all your email as encrypted, or only the messages you choose. Sending an encrypted email is as easy as checking the “Send Secure” button next to your email in Outlook.
One of the best features of Sendinc is that recipients do not need any software on their end to receive encrypted emails. By simply creating a free account and having access to the link, they are able to decrypt and read the message.
Sendinc is an excellent tool if you’re looking to focus just on the email side of HIPAA compliance. Its ease of use and flexibility make it stand out from other software that requires installation and configuration before use.
- Allows users to encrypt emails directly from their default mail app
- Offers default encryption for all messages as an option
- Recipients do not need special software to decrypt messages
- Focuses solely on email encryption
You can test out Sendinc for free to secure your emails. Plans start at $48.00 (£38.52) a year for additional features such as increased emails per day, unlimited message retention, and custom message expiration. Try Sendinc for free.
5. Mitel HIPAA Compliant Phone and Cloud Solutions
Mitel is a widely known and trusted name in the communication industry, so it’s no surprise that it has an entire cloud-based infrastructure dedicated to serving customers who must follow HIPAA and SOC regulations.
Mitel ensures any and all voice communications are routed through secure channels that abide by the HIPAA Security Rules. Mitel’s vast network of cloud-based data centers provides peace of mind when it comes to your organization’s uptime, and the ability to effectively communicate across multiple healthcare facilities.
- Cloud and on-premises options for healthcare facilities.
- Different HIPAA solutions for multiple forms of communication.
- Available for both VoIP and PBX phone systems.
- Fast and responsive customer service.
- A comprehensive multi-channel solution.
Mitel’s HIPAA services extend across all mediums of communication and encompass tools such as voicemail, live video, email, and instant secure messaging. Mitel is our number one choice not just because of its ease of use, but because Mitel provides a suite of services that cater to many of the challenges that primary care facilities face.
For organizations that are looking to securely share electronic records with patients, Mitel’s HIPAA based solution allows you to securely share surveys and other post-discharge tasks with your patients. Mitel’s cloud can manage and automate your Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS) online medical forms right from its servers in secure data centers.
One of the major benefits of having a cloud-based provider is that there are no costly hardware installations or need for ongoing maintenance. Depending on how many employees your organization has, an on-premises solution can get costly fast. Thankfully, Mitel’s cloud-based solutions don’t require any additional hardware beyond phones and can operate over your existing PBX or internet lines.
With much of your communications infrastructure offsite, having solid customer support and fast response times is paramount. Upon testing, we found that you can get hold of a representative right away who will collect your information and then have a specialist call you back within 15 to 30 minutes.
- Administrators can enforce encryption for all calls
- HIPAA features can secure voicemail, email, instant messaging, and live video sessions
- Supports secure post-discharge forms and automated tasks
- Affordable for both small and large businesses
- Does not include robust HIPAA auditing or monitoring tools
Mitel’s pricing will vary depending on your organization’s size and needs but you can expect to pay anywhere from $21.00 (£16.80) to $39.00 (£31.20) per user if your office has between 50-100 employees. For the most accurate pricing information, you can contact their support team.
6. Doxy.me
Doxy.me is telemedicine software built with HIPAA compliance at its foundation. Doxy.me allows secure communication between patients, providers, and clinics. Each connection is secured with 128-bit encryption to ensure that privacy is always maintained. Communications through Doxy.me are HIPAA, GDPR, and PHIPA compliant.
- Easy to use for both doctors and patients.
- Scalable for both small and large healthcare providers.
- No accounts or downloads required.
- No contracts, cancel anytime.
- Customizable landing pages and branding.
Doctors send patients special links that establish a connection and let them consult with their physician in just a few clicks. For people looking to schedule a video conference with their doctor, no account or download is needed. According to a study by Clemson University, Doxy.me was found to be one of the easiest telemedicine apps to use for both patients and medical professionals.
Doctors can use the live chat feature to utilize both text messaging and video conferencing at the same time, making this one of the most flexible telemedicine apps on the market. On the back end, doctors can also view their patient queue to see who has already checked in and who hasn’t arrived yet. This allows doctors to move their schedule around and toggle between patient information quickly and efficiently.
Doxy.me’s flexibility extends to both small and large clinics alike by providing a Business Associate Agreement to all of its accounts, even its free version. The clinic plan allows for customized branding, landing pages, and even unique sub-domains. Additional features such as admin control and room access are also available to help manage different facilities’ needs for secure telecommunications.
With so many other options available, Doxy.me really shines in the medical space where other programs fall short. The attention to detail, security standards, and added features make Doxy.me a solid choice when it comes to choosing a HIPAA compliant video conferencing solution.