Thatch is a HIPAA compliant virtual mailbox service with locations in CA, TX, IL and PA. We have looked through the landscape of other virtual mailbox providers to see if any other companies can also provide these services.
Earth Class Mail is one of the first and largest virtual mailbox companies, so we decided to look into their HIPAA program to see if it works for all healthcare companies.
As healthcare is split between outdated laws and regulations and technology adoption, interest in HIPAA compliance and the use of a real business address is becoming more and more important.
There are a lot of considerations when selecting partners for HIPAA compliance and we hope to break down a compliance overview of Earth Class Mail.
What is Earth Class Mail Virtual Mailbox?
Earth Class Mail manages postal mail online. In addition to managing postal mail online, Earth Class Mail offers mail forwarding services to ensure timely and secure delivery of important documents.
It was founded in 2004 and have worked with thousands of companies like Zapier, Reddit, and Lyft. They are helping companies go paperless and bring efficiencies to their operations.
Understanding HIPAA Compliance
HIPAA compliance is a critical aspect of any healthcare organization’s operations. The Health Insurance Portability and Accountability Act (HIPAA) sets the standards for protecting sensitive patient data, including Protected Health Information (PHI). HIPAA compliance is not just a legal requirement but also a moral and ethical obligation to ensure the confidentiality, integrity, and availability of patient data.
To achieve HIPAA compliance, healthcare organizations must implement robust security measures, including administrative, technical, and physical safeguards. These measures include:
-
Conducting regular risk assessments to identify potential vulnerabilities
-
Implementing policies and procedures for handling PHI
-
Training employees on HIPAA guidelines and best practices
-
Using secure communication channels, such as encrypted email and messaging apps
-
Ensuring business associates sign a Business Associate Agreement (BAA) to ensure they handle PHI securely
By understanding HIPAA compliance and implementing these measures, healthcare organizations can protect patient data, maintain trust, and avoid costly penalties and reputational damage.
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity. A business associate is any person or entity that works with Covered Entities to help them in the course of business but not a direct employee to the Covered Entity.
Business Associate Agreement
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place to ensure that PHI is protected properly. A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.
Earth Class Mail’s Virtual Mailbox Service
Earth Class Mail’s virtual mailbox service is designed to provide healthcare professionals with a secure and efficient way to manage their physical mail. With Earth Class Mail, users can:
-
Receive and manage mail online, reducing the need for physical storage and handling
-
Scan and forward mail to any location, ensuring timely and secure delivery
-
Use a virtual mailbox to receive mail and packages, eliminating the need for a physical address
Earth Class Mail’s virtual mailbox service is HIPAA compliant, ensuring that sensitive patient data is protected and secure. With features like two-factor authentication and secure data transmission, users can trust that their mail is handled with the utmost care and confidentiality.
Earth Class Mail and the Business Associate Agreement
We checked the Earth Class Mail site for mention of their ability to sign a Business Associate Agreement (BAA). We found the following information on their terms of services page.
In addition to virtual mailboxes, Earth Class Mail offers virtual office solutions that are essential for healthcare professionals needing to maintain confidentiality and HIPAA compliance.
On that page, we can see that Earth Class Mail does not currently sign a BAA with its customers without prior consent.
Notify us of HIPAA coverage. If you are a covered entity or business associate under the Health Insurance Portability and Accountability Act, (“HIPAA”), you may not use our Services to receive or process mail that includes “protected health information” (PHI) as defined in HIPAA unless you have notified ECM in advance and ECM consents to process PHI on your behalf.
In further research Earth Class Mail has 80 processing facilities which are not owned by the company. They are PO Boxes and Retail mail centers that are unable to comply with all HIPAA requirements.
-
Scan and forward mail to any location, ensuring timely and secure delivery through mail scanning services.
-
Earth Class Mail ensures that their virtual mailbox service is a secure service, protecting sensitive information through robust security measures.
Security Measures
Earth Class Mail takes security seriously, implementing robust measures to protect user data and ensure HIPAA compliance. These measures include:
-
Two-factor authentication to prevent unauthorized access
-
Secure data transmission using SSL encryption
-
Regular security audits and risk assessments to identify potential vulnerabilities
-
Compliance with HIPAA guidelines and regulations
By implementing these security measures, Earth Class Mail provides a secure and reliable virtual mailbox service that healthcare professionals can trust.
Is Earth Class Mail HIPAA Compliance?
The BAA is a key component of HIPAA compliance between a covered entity and a business associate. The Department of Health and Human Services (HHS) plays a crucial role in regulating telehealth practices and ensuring HIPAA compliance. In conversations with Earth Class Mail they currently won’t sign a BAA.
When using Earth Class Mail in a healthcare context, it is important to adhere to HIPAA rules to ensure the protection of PHI. You can use it to receive mail, but opening and scanning would be prohibited without a BAA. The evolution of virtual healthcare practices has been significantly influenced by government departments like the Department of Health and Human Services.
Ultimately, Earth Class Mail may not be HIPAA compliant, and it’s important to be careful about using them if you’ll be storing or transmitting PHI. It is advisable to consult qualified legal services for specific guidance on HIPAA compliance and the use of virtual mailboxes.
Virtual Post Mail (VPM) is another service provider that offers HIPAA compliant virtual mailboxes with features like mail scanning and forwarding.
Conclusion: Earth Class Mail may not be HIPAA compliant.