HIPAA Email disclaimers: everything you need to know

Understanding HIPAA

The Healthcare Insurance Portability and Accountability Act (HIPAA) came to be in August 1996. Its purpose is to help reduce healthcare fraud and abuse; mandate industry-wide standards for personal healthcare information (PHI); and require confidential handling of PHI.

All healthcare providers, healthcare clearinghouses, and organizations that transmit health data electronically must send HIPAA compliant email.

The consequences of not complying with HIPAA regulations are serious: costly penalties or potentially losing your license.


What are HIPAA compliant emails?

HIPAA requires emails to be secured and protected whenever they leave a guarded internal email network and cross the firewall. This protects the patient and keeps their personal information from being intercepted by third parties.

Organizations can encrypt their emails following NIST (National Institute of Standards and Technology) standards, and should preferably encrypt every single email they send. Encryption alone, however, is not enough.

It is still possible for an email to end up in the wrong mailbox. For exactly this situation, every email you send out should also carry an additional block of text just below your signature stating that the email is confidential. These instructions reduce the sender's liability and, above all, add a layer of protection for the recipient.



Automatic disclaimers

Firstly, disclaimers in the form of privacy statements make clear to the recipient that email is not 100% safe and that, if they respond, they do so at their own risk. Secondly, they explain to the recipient that the information within the email is confidential and that any miscommunication should be reported.

The disclaimer should list the following information:

  • Confidentiality of the email
  • The intended receiver of the email
  • What the recipient should do if they are not the intended recipient
  • The consequences of misusing the information

HIPAA compliant disclaimer

You can guarantee a HIPAA compliant email by having disclaimers added automatically to each email signature. Using Letsignit, you can create the disclaimers and deploy them to every employee's email from one centralized and easy-to-use platform. The disclaimers are then included in every outgoing email automatically, so you don't have to think twice when hitting send. With HIPAA violations tripling in the last 10 years*, you want to make sure you are taking every step to protect yourself and your patients.
