nuvoleMail provides you with:

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule.

The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, established national standards for the protection of certain health information. The Security Rule, or Security Standards for the Protection of Electronic Protected Health Information, established a national set of security standards for protecting certain health information that is held or transferred in electronic form.

The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy Rule, while the Centers for Medicare & Medicaid (CMS) has responsibility for enforcing the Security Rule, both perform voluntary compliance activities and can impose civil money penalties.

The Security Rule does not expressly prohibit the use of email for sending electronic PHI. However, the standards for access control (45 CFR § 164.312(a)), integrity (45 CFR § 164.312(c)(1)), and transmission security (45 CFR § 164.312(e)(1)) require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against the unauthorized access to electronic PHI sent and received over email communications.

The standard for transmission security (§ 164.312(e)) has been updated to enforce the use of encryption. This means that each covered entity must assess its use of open networks, identify the available and appropriate means to protect electronic PHI as it is transmitted, select a solution, and document the decision. The Security Rule allows for electronic PHI to be sent over an electronic open network as long as it is adequately protected.

In 2010, the HITECH Act (Health Information Technology for Economic and Clinical Health) went into effect, amending the HIPAA Privacy and Security Rules. One of the most notable changes is in the penalties for a breach of patient information as a violation of patients’ rights under HIPAA. When HIPAA was first enacted, the maximum penalty for a HIPAA violation was $250,000. Now, the maximum penalty is $1.5 million.

In 2013, HHS and OCR announced a final rule that implements a number of provisions of the HITECH Act called the Omnibus Rule, to strengthen the privacy and security protections for health information established under HIPAA. The final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.

Fines as well as criminal penalties can be imposed on the violating institution and the individuals involved. The State Attorney General in all states now have the power to audit and penalize covered entities in their home state.

What are the penalties for not being HIPAA compliant?

nuvoleMail., an American Company based out of Northern Virgina, is a Hosted HIPAA Compliant Email Service Provider for health care providers, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies, health insurance companies, hospitals, and billing services.

99% of covered entities make the huge mistake of thinking they can become HIPAA Compliant by simply deploying an email encryption solution. What they fail to understand is there is a lot more to HIPAA Email Compliance than just using encryption.

Our team of Certified HIPAA Security Experts have engineered our email service from the ground up to comply with the standards of the HIPAA Privacy and Security Rule. We have gone through training and certification and have identified 5 things a covered entity must have in order for their email communications to be fully HIPAA Compliant:

1. Access Control. nuvoleMail has implemented technical policies and physical procedures that restricts anyone from accessing stored email messages and electronic protected health information (e-PHI) on all our servers.

2. Audit Controls. nuvoleMail has implemented hardware, software, and procedural mechanisms to record and examine access and other activity in our information systems. We keep a log of all email activity: such as user ID, date, time, sender, recipient, type of encryption, and more for a minimum of 6 years which may be examined by the Department of Health and Human Services anytime during an audit. In an effort to protect our customers from unauthorized access, we also monitor all failed login attempts, hacking activity, and password resets.

3. Integrity Controls. nuvoleMail has implemented policies and procedures to ensure that e-PHI is not improperly altered or destroyed. To protect your data, we use RAID-10, the best storage solution available. Each hard drive in our RAID-10 Array has a Meantime Between Failures (MTBF) of 1.2 Million Hours (137 years). It would take a catastrophic failure of 9 hard drives all at once, per server, for us to lose data. The odds are similar to the risk of being struck by lightening.

4. Transmission Security. nuvoleMail has implemented technical security measures that guard against unauthorized access to e-PHI that is being transmitted over the internet. We use the highest "military grade" protocol to transmit data over the internet with Transport Layer Security (TLS) 1.2 and 256-Bit AES Encryption.

Apply Now

With nuvoleMail, organizations pay a minimum start-up fee for a minimum number of email accounts. nuvoleUS has taken this approach to keep the cost down for the end-user while providing the best possible quality of service.

Cost is one of the most complex elements of delivering contemporary IT solutions. It seems that for every advance that will save money, there is often a commensurate investment needed to realize that savings. For example, developing and deploying an e-commerce application can be a low-cost effort, but a successful deployment can increase the need for hardware and bandwidth. Furthermore, owning and operating your own infrastructure can incur considerable costs, including power, cooling and staff.

Apply Now

Organizations can quickly add and subtract resources to their email need in order to meet your demand and manage costs.

nuvoleUS uses the term elastic to describe the ability to scale computing resources up and down easily, with minimal friction. Elasticity helps you avoid provisioning resources up front for projects with variable consumption rates or short lifetimes. Instead of acquiring hardware, setting it up, and maintaining it in order to allocate resources to your e-mail applications, nuvoleUS allocate elastic resources to your e-mail server.

By making your email needs elastic your business can adjust to the daily demands placed on you and allowing your e-mail needs to grow or shrink accordingly.

Apply Now

nuvoleMail is pre-configured to have high security when it comes to relaying and authentication so that no one can use your server to send spam messages. It also supports the very popular open source virus scanner ClamAV. nuvoleMail also supports black list servers and other spam-stopping mechanisms such as SPF and MX lookups.

nuvoleUS delivers a scalable cloud-computing platform that provides customers with end-to-end security and end-to-end privacy. nuvoleUS builds security into its services in accordance with security best practices, and documents how to use the security features.

Apply Now

No hardware or software to buy. Updates are done automatically. Completely scalable.

Using nuvoleUS, you can requisition compute power, storage, and other services in minutes, that makes the most sense for the problems they’re trying to solve.

Apply Now

You get Enterprise level deliverability out of the box. nuvoleMAIL builds in the latest deliverability/authentication tools including DKIM, SPF, domain keys, feedback loops.

Apply Now