Does Secure Mail encrypt email messages that I send from my existing email account?
No. Secure Mail does not modify or affect your existing email account in any way. All Secure Mail messages are accessible only via mysecurepractice.com or the Secure Mail Outlook Plugin. In order to send a Secure Mail, the sender would have to first log in to mysecurepractice.com. Even after signing up with a Secure Mail account, messages sent from your regular email address will not be encrypted.
The email address which you use to sign up for mysecurepractice.com is used as a username in the system. It allows you to log into your account, it is used to send you notifications, and when logged into mysecurepractice.com, it will be the target your peers will use to send you Secure Mail messages.
If Secure Mail doesn't encrypt my emails, what makes it HIPAA compliant?
Unlike regular email, Secure Mail does not involve the transfer of data from one server to another. It is a messaging service that is designed to feel as familiar as regular email while requiring users to log in to our secure server via the mysecurepractice.com portal.
All communication between Secure Mail users occurs on our secure server. By never leaving the server, your Secure Mail messages are never opened up to the risk of interception, and remain safely encrypted from drafting to sending to receipt.
Is Secure Mail still HIPAA compliant if I don't turn on the two-step verification process?
Yes, Secure Mail is fully HIPAA compliant without the two-step verification feature. The two-step verification feature is one we offer for those who want the highest level of security. By having a short code delivered via phone or SMS, you can guarantee that your password is safe, even if your regular email address is compromised.
This step is completely optional, and turning it off is still fully-compliant with HIPAA. Some doctors elect to turn it off to streamline the registration and password reset processes.
If two-step verification isn't required to remain HIPAA compliance, are there any guidelines or suggestions for when I should use it?
In practice, it may be best to leave two-step verification off when inviting other dental offices and businesses since these recipients are likely to have a phone tree on their publicly available numbers.
Turning on two-step verification for patients is much less likely to cause a problem since patient phone numbers are much more likely to be personal cell phones and unlikely to be answered by a phone tree.
Whether or not to use two-step verification ultimately depends on your preference. But please keep in mind that should you decide to use two-step:
- You must provide a correct telephone number for the recipient.
- This must also be a number that does not answer with a phone tree (i.e. a recorded or automated voice that provides numerical options for the caller to dial).
If both these conditions are not met, the recipient will not be able to register without further assistance from either you or PBHS Support. The invited party must be able to receive the secret verification code either via text or over the phone.
Here is the extra step invitees will see if you have activated two-step verification:
The telephone number options available to your invitees in the dropdown menu will be whichever number(s) you entered for them when you set up the invitation. So again, if two-step is enabled, make sure to enter a valid number for the invited party. This number must either:
- ring through to a cell phone or direct land line where the recipient can listen to the automated voice giving the code immediately upon picking up the phone;
- or go to a cell number where the recipient can receive the code as a text message.
I received a Secure Message from another practice, but I am unable to view the message in my email.
What you received was not the actual message but a notification that there is a message from them for you on our secure server. This message can be viewed by logging in to your Secure Mail account at mysecurepractice.com.
Please keep in mind that this notification is generated specifically for the email address which originally receives it. If a notification for one email address (A@email.com) is forwarded, automatically or otherwise, to another email address (B@email.com), you will not be able to access the Secure Mail by logging into mysecurepractice.com as B@email.com.
You must log into the account associated with the initial recipient, A@email.com. Please keep this in mind if you have multiple Secure Mail accounts, or receive a Secure Mail from a doctor, which is sent to an email address other than your typical Secure Mail login.
This is my first time trying to see a Secure Message with Secure Mail. How do I register my email address and create a password?
If your email address is not yet registered on our Secure Mail system, then the notification emails from our system will also automatically include a registration link. You must click on this link in order to register your email. After successfully registering, you will receive a second email, which will prompt you to create a password for your new account. Follow the link in this email to agree to the terms of service and generate your password. Only after you have registered your email and created a password will you be able to log in to your Secure Mail account.
Once your email address is registered, it will act as a username for your user account in Secure Mail. You can log in to your Secure Mail user account at mysecurepractice.com by entering your email address in the username field and the password you created in the password field.
I was unable to complete registration for Secure Mail because I never received my code.
The inviting party might have entered an incorrect telephone number for you to receive the code. They might have used a number that is no longer valid, incorrectly entered a valid number, or entered their own number in that field because they didn't realize they were supposed to enter yours. If they did put a working number for your practice, the automated code won't get through if that number answers to a phone tree or other automated phone service.
You must contact the office who invited you and have them correct your phone number from the Manage Account section of their Secure Mail account. Once they've done that, you should be able to click on the registration link in your email again and get the code to come through on the number you provided.
I sent a Secure Message to an unregistered party /new user. I had on two-step verification so the receiving party was required to receive a verification code over the phone or via text, but they contacted me to tell me that the code was never received.
You can verify with the receiving party on which number they will be able to receive the code (either a direct land line that has no phone tree or a cell number). You can see and change the receiving party's phone number by logging into your user account, then hovering over the brown field in the upper right hand corner that displays your name.
The second option in this dropdown menu is "Manage Account". (If you do not see "Manage Account", this means that your user account is not set up with User Manager privileges. Either log into a user account with User Manager privileges or contact PBHS Support at Support@PBHS.com or 888-840-0739 to request that those privileges be added to your account.) Clicking on "Manage Account" will bring you to a list of all the users you've invited.
Each user entry will have an "Edit" button on the far right hand side. Click on "Edit" for the invitee in question. This will take you to a page where you can edit the invitee's phone number and cell number. Be sure to hit the green "Save" button in the upper right-hand area.
Once you've updated the number to the one your invitee has requested, let them know so that they can retry the registration link.