Sending HIPAA-Compliant Messages
- Getting Started
- Administrator Tools & User Management
- Cases & Activities
- Contacts & Companies
- Events & Calendar
- Tasks & Workflows
- Messages & Email
- Adding HTML to Your MerusCase Signature
- Composing a New Message
- Forwarding Messages to your Merus Email
- Linking a Message to a Case
- Marking a Message as High Priority
- New Message Alerts
- Outbox vs. Sent
- Sending HIPAA-Compliant Messages
- Sending a Message from Case Activities
- Setting up Incoming Emails in Merus
- Setting up Outbound Emails in Merus
- Shared Inboxes
- Documents, Templates & Uploads
- Invoices, Payments & Billable Time
- Personal Injury Features
- Workers' Compensation Features
- Immigration Features
- Frequently Asked Questions
Sending a HIPAA-compliant email message is very similar to sending a regular email message through MerusCase. The only difference is that you need to send the message through your user+ account, which we will walk you through in this article. Note: if you do not already have your outbound email account setup with Merus, the "From:" address will default to your user+ account.
How to Send a HIPAA-Compliant Message
- Go to Messages > Compose or click on click on Compose on the right side of your screen from you Inbox tab.
- In the "From:" field of the Compose page, click on the drop-down menu that displays your email address.
- Select your user+ address from the list, which should look something like "firstname.lastname@example.org."
- Continue composing your message as you normally would.
What does a User+ Account Do?
When you send an email from your user+ account in MerusCase, it prompts the receiver to sign into the MerusCase system in order to securely access the message and any attachments from your email, as you can see in the screenshot, below. Additionally, if the receiver of your email doesn't have a MerusCase account, they'll also be asked to create an account before they can access your message.
Why does the message need to be accessed through MerusCase in order to be HIPAA-compliant?
Sending and receiving messages exclusively through MerusCase allows us to keep your message, and all related information, encrypted on our servers. Alternatively, when you send an email without using your user+ account from MerusCase to an @gmail.com or other email account address, the message is then transferred from our severs to the servers of the receiver's email provider. When your data changes servers, we no longer have control over how and when that data is accessed. That said, by keeping the message solely on our servers, we can ensure that your message data remains completely encrypted and inaccessible by potentially ominous forces.