HIPAA Compliance Legal Guide: Email Encryption

Jon Neiditz and Amanda Witt of Nelson Mullins Riley & Scarborough LLP reviewed RPost services RMail email security and RSign e-signatures and their key features in detail and determined that they meet requirements under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA). This legal opinion provides an in-depth look at e-signature law, e-security and privacy, and how RPost offers a legally effective, HIPAA compliant solution. It concludes RPost’s Registered Receipt™ email records and e-signatures are HIPAA compliant, legally enforceable and binding. Based on their analysis, the attorneys presented the following conclusions:
(1) An RPost (RMail or RSign) electronic signature can be used when a signature is required by a document governed by HIPAA and is as legally enforceable and legally effective as a ‘wet ink’ signature.
(2) RPost can be used to deliver documents electronically in conformity with the technical safeguard standards of HIPAA relating to the security of electronic communications of electronic PHI.
(3) Where notification is required by HIPAA and in the great majority of U.S. Jurisdictions in which UETA applies, RPost’s core Registered Email™ service does provide the sender with legally valid evidence that notice has been accomplished under HIPAA, as long as RPost’s resulting Registered Receipt™ email reports at least successful delivery to the recipient’s mail server.