Is Encyro HIPAA Compliant?

    Can I use Encyro for HIPAA compliance? Can I store and send patient information using Encyro?

    Encyro complies with the Health Insurance Portability and Accountability Act (HIPAA), and this compliance has been verified by an independent third party.

    Using Encyro can help your organization become or stay HIPAA compliant. Encyro Inc acts as a business associate (BA) to HIPAA-compliant entities. If you are a covered entity or a business associate, we strongly recommend that you sign a Business Associate Agreement (BAA) with Encyro to meet your compliance requirements.

    When you use Encyro to send and receive patient data, you benefit from the data privacy and security safeguards required by HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the Omnibus Rule of 2013. You can use Encyro to share patients’ protected health information (PHI) and electronic PHI (ePHI), including patient names, Social Security numbers, email addresses, photographic diagnostic data, and other patient data.

    Encyro provides the technical safeguards required by HIPAA regulations to protect ePHI, including access control, encryption (both during transmission and when stored), audit controls, and integrity. More details on our security safeguards as well as multi-location data backups are available here.

    Third Party Communications

    You may use Encyro to communicate PHI not only with patients, but also with others (third parties) such as other providers, insurance plans, billing and coding companies, transcription providers (see how Encyro makes it easy to share audio data from your phone), labs, or other service providers.

    Sending patient data to third parties other than the patient: While the data is protected within Encyro’s systems, when you send data to a third party they can download the data to their own computer or other systems. You should review such third parties for their own HIPAA compliance and privacy policies. If those entities are not themselves HIPAA covered entities, you may be required (under the HIPAA Privacy Rule) to sign a Business Associate Agreement (BAA) with them.

    Save Time and Money

    Using Encyro to communicate electronically saves you money on faxing, printing, mailing, and burning X-ray or other images to CDs, not to mention shredding. You also save the time spent on those activities, as well as the money you would otherwise have spent on printer ink or toner, mailing fees, and stationery supplies.

    Compliance Settings

    Some of the security settings for your Encyro account depend on your usage. For instance, if your computers are already set to automatically lock the screen if left unattended, you can set Encyro to not log you out after inactivity. Your password should meet strong password requirements. To enable or edit these compliance settings, go to your account Settings and click on Compliance in the left panel. For detailed instructions, see this article.
