Securing Sensitive Data
HIPAA Compliant Emailing Best Practices
HIPAA eCommerce typically has transactional emails sent out to users. These include things like order confirmations, possible product recommendations, expiration reminders, prescription subscriptions, or medical device sales. There are also recalls, or doctor's updates made on behalf of the site. Overall, there are many different things a user may need to get notifications for.
However, all of these types of transactional notifications must be handled properly lest they violate HIPAA. The most common way of handling HIPAA email is to simply notify the user that they have a notification. It may even be possible to include a category or severity notice for the notification letting them know how quickly they need to look at the notification itself.
A common practice is to provide the end user with a confirmation that there is a message and then provide a link that sends them to see that message. By doing so you are not actually sending any sensitive information in the email, so the email itself cannot violate HIPAA. This provides a layer of safety in case the email account or the message in transit becomes compromised.
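The notify-and-link pattern described above, as an added example that is not code from the original article. It composes the e-mail from an allowlist of non-sensitive fields (category, severity, an opaque portal token) and checks that none of the record's protected values leaked into the text, with the naive "put the order in the mail" version beside it so the check can be seen catching it. The event record, the portal URL, the field names and the severity labels are all constructed assumptions, not a standard.

```python
"""Notification-only e-mail builder for a HIPAA-sensitive storefront.

Added example with constructed data; the portal URL, field names and
severity wording are assumptions chosen for illustration.
"""
import secrets

# Fields of a record that must never appear in an e-mail body: the e-mail
# only says "you have a message", the portal shows the content itself.
PHI_FIELDS = {"patient_name", "dob", "diagnosis", "drug_name", "order_items"}

# How quickly the user should look, keyed by a coarse severity label.
SEVERITY_TEXT = {
    "routine": "at your convenience",
    "important": "within the next few days",
    "urgent": "as soon as possible",
}

PORTAL_BASE = "https://portal.example.invalid/messages/"  # hypothetical

# Constructed sample event: an order record that contains protected data.
EVENT = {
    "email": "user@example.invalid",
    "category": "prescription",
    "severity": "important",
    "patient_name": "Jane Doe",
    "dob": "1980-01-01",
    "drug_name": "Metformin",
    "order_items": ["Metformin 500mg x 60", "Glucose test strips"],
}


def leaked_fields(msg, event):
    """Return the names of PHI fields whose values appear in the message text."""
    text = (msg["subject"] + "\n" + msg["body"]).lower()
    leaked = []
    for name in PHI_FIELDS:
        value = event.get(name)
        if value is None:
            continue
        values = value if isinstance(value, (list, tuple)) else [value]
        if any(str(v).lower() in text for v in values):
            leaked.append(name)
    return sorted(leaked)


def build_naive_notification(event):
    """The pattern the article warns against: order details in the mail itself."""
    items = ", ".join(event["order_items"])
    body = (f"Hi {event['patient_name']}, your order of {event['drug_name']} "
            f"({items}) has shipped.")
    return {"to": event["email"], "subject": "Your order has shipped", "body": body}


def build_notification(event, portal_base=PORTAL_BASE, token=None):
    """Compose a notification from allowlisted fields only.

    The link carries an opaque, unguessable token that the portal maps to
    the record after the user signs in; no record id or content is in the
    mail. Raises ValueError if the severity is unknown or if any protected
    value somehow ended up in the text.
    """
    if event["severity"] not in SEVERITY_TEXT:
        raise ValueError(f"unknown severity {event['severity']!r}")
    if token is None:
        token = secrets.token_urlsafe(16)
    subject = f"You have a new {event['category']} message"
    body = (f"A new {event['category']} message is waiting in your account. "
            f"Please review it {SEVERITY_TEXT[event['severity']]}.\n"
            f"Sign in to read it: {portal_base}{token}\n")
    msg = {"to": event["email"], "subject": subject, "body": body, "token": token}
    leaked = leaked_fields(msg, event)
    if leaked:
        raise ValueError(f"refusing to send: PHI fields in mail text: {leaked}")
    return msg


if __name__ == "__main__":
    print("naive version leaks:", leaked_fields(build_naive_notification(EVENT), EVENT))
    safe = build_notification(EVENT)
    print("compliant version leaks:", leaked_fields(safe, EVENT))
    print(safe["subject"])
    print(safe["body"])
```

The `leaked_fields` check is a last line of defence, not the design: the builder never reads the protected fields in the first place, and the check exists so that a later template edit cannot quietly reintroduce them. The category and severity words are deliberately coarse; a label like "prescription" tells the user how urgently to sign in without revealing which prescription.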
As you want to avoid any potential HIPAA violation, you will want to be incredibly careful about what you send in these transactional emails. However, it is very important to be able to notify these users of key interactions within the site. This is doubly so for important medical updates.