Encrypt emails?

We need to maintain HIPAA compliance for forms on our website that are currently mailed to an internal email address. While the user/customer provides the info over HTTPS, we still want to make sure that we remain compliant…

Are there any plugins for ensuring that emails sent from the WordPress application to a recipient are encrypted?

Essentially, I want to make sure that the data is secured from the time a customer gives us the data to the time it arrives on our encrypted mail server.

Update on HIPAA Compliance

Disclaimer: I am not an attorney nor a compliance official. What follows is my interpretation of the rules and laws and it may not be accurate. I would encourage you to exhaust your resources to make sure that your organization is meeting all compliance requirements where applicable by law or morals.

  • HIPAA FAQ Site on Email
  • HIPAA Security Rule requirements at 45 C.F.R. Part 164, Subpart C

From a quick read of the above 2 links, it seems that the requirement is to simply try to ensure all possible and appropriate safeguards are in place. If the data can be encrypted, then it should. I am seeking further guidance from a compliance officer to ensure that we are doing everything possible to safely transport customer data to our staff.

1 Answer

Your best bet would be a plugin called WP Mail SMTP, though it’s only marked as being compatible as of WP 3.2.1 (but it should reasonably work with WP 3.3.1).

Just to define the process …

  1. Visitor enters site and fills out form on your page.
  2. User submits the form, which is transmitted to your server via a secure connection (HTTPS).
  3. Your server packages the submitted form data and sends it in an email to another location.

Step #3 is where you need some added security. By default WP uses mail() to send messages. But the plugin I mentioned above overrides this and allows you to send messages using SMTP. It further allows you to specify SSL/TLS encryption.

I can’t guarantee this will stand up to a HIPAA security audit; it’s your responsibility to conduct the due diligence there. But if you want to be sure submitted data is encrypted and secure from the time the browser submits the data to when it appears in your inbox, this is your best off-the-shelf bet.
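As an added example, not code from the answer above or from the WP Mail SMTP plugin: a must-use plugin that does what the plugin does for step #3, hooking WordPress's `phpmailer_init` action to replace mail() with authenticated SMTP, require STARTTLS, and verify the relay's certificate. The hostname is a placeholder and `SMTP_USER`/`SMTP_PASS` are hypothetical constants you would define in wp-config.php.

```php
<?php
/**
 * Plugin Name: Force SMTP over TLS for wp_mail()
 * Drop this file into wp-content/mu-plugins/ so it loads unconditionally.
 * Added example; host and credential names below are placeholders.
 */

add_action( 'phpmailer_init', function ( $phpmailer ) {
    // Replace the default mail() hand-off (plaintext to the local MTA)
    // with a direct, authenticated SMTP session.
    $phpmailer->isSMTP();
    $phpmailer->Host     = 'smtp.example.com'; // placeholder relay hostname
    $phpmailer->Port     = 587;                // submission port, STARTTLS
    $phpmailer->SMTPAuth = true;
    // Hypothetical constants defined in wp-config.php, never in the theme.
    $phpmailer->Username = defined( 'SMTP_USER' ) ? SMTP_USER : '';
    $phpmailer->Password = defined( 'SMTP_PASS' ) ? SMTP_PASS : '';

    // 'tls' makes PHPMailer require STARTTLS: if the relay refuses the
    // upgrade it throws instead of silently sending in the clear.
    $phpmailer->SMTPSecure = 'tls';

    // Verify the relay's certificate so the encrypted hop also
    // authenticates the peer, not just hides the bytes.
    $phpmailer->SMTPOptions = array(
        'ssl' => array(
            'verify_peer'       => true,
            'verify_peer_name'  => true,
            'allow_self_signed' => false,
        ),
    );
} );

// wp_mail() returns false and fires this action on any send failure;
// log it so a refused TLS upgrade or bad credentials are visible.
add_action( 'wp_mail_failed', function ( $error ) {
    error_log( 'wp_mail failed: ' . $error->get_error_message() );
} );
```

This protects only the hop from the web server to the configured relay; onward delivery to the internal mailbox depends on how that relay is set up.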
