How to enhance privacy when posting through PostalMethods (for HIPAA and other purposes)
Some users – such as US healthcare entities who are required to abide by HIPAA guidelines, and financial institutions worldwide – have enhanced privacy requirements from messaging providers, such as PostalMethods. Postal Methods is audited yearly for HIPAA compliance to ensure our processes, procedures and employees follow the strict guidelines required to keep your information safe and secure.
While PostalMethods does not fall into any of the HIPAA “covered entity” categories, as potential Business Associate we have implemented several privacy-enhancing features and procedures, and suggest that you apply the following measures:
Password Security
We now require that passwords are complex. They must be at least 8 characters long and contain uppercase, lower case, numbers and special character.
Use SSL to send your message
We enable SSL-secured communication to our Web Service servers so that sensitive information, such as potentially patient-identifying information, can be submitted securely.
Use the Enhanced Privacy feature
This setting may be selected through the QuickSend Portal under Account Settings. It is intended to keep patient-identifying information on our servers no longer than is necessary to print a letter or to announce its failure (several minutes). When set, images of letters sent through the service, as well as temporary files, are immediately deleted from our servers upon completion.
Don’t place patient-identifying, or otherwise confidential, information into any data fields
Make sure that confidential information is only present in the body of your outgoing mail. All other parts of a transaction are retained indefinitely for billing purposes, so don’t insert confidential information anywhere except in the mail itself. For example, the email subject line and the MyDescription Web Service field, are also displayed as part of the Control Panel Activity and so are stored for long periods in our databases.
Do not use Postal Methods Email for HIPAA documents
While our API and QuickSend Portal System is HIPAA compliant, the Email Delivery is not and should not be used for these type documents.