How to verify an email recipient

Human error, which includes sending an email to the wrong recipient, is commonly cited as the cause of as many as 95% of cyberattacks. Whatever the precise figure, a misdirected email is one of the simplest ways for protected health information (PHI) to reach someone who is not authorized to see it, so healthcare workers need to verify the recipient of every email before sharing any PHI.

Verifying email recipients

Verifying an email recipient is not a one-step process. It means checking the address when the message is composed, again immediately before it is sent, and confirming afterwards that only the intended person received it. Here are some best practices to consider:

  • Implement email whitelisting (an allowlist): To prevent sending PHI to unauthorized recipients, maintain an approved list of verified email addresses and domains and have your mail gateway or data loss prevention (DLP) policy enforce it, so that messages containing PHI can only go to authorized healthcare providers, patients, or entities. An allowlist stops mail to unknown domains; it does not stop you from picking the wrong entry that is on the list, so it complements manual verification rather than replacing it.
  • Verify the recipient manually: For added security, cross-check the recipient’s email address before sending any confidential information:
    • Confirm the address against your organization’s directory or with a colleague who has previously corresponded with the recipient.
    • Call the recipient directly to verify their email address, using a phone number obtained independently of the email you are replying to.
    • Do not rely on auto-suggestions in email clients: autocomplete that picks a similarly named contact is one of the most common ways a message reaches the wrong person.
  • Encrypt emails: Encryption limits who can read the message if it is intercepted or lands in the wrong mailbox. Some encryption options include:
    • TLS protects the message in transit between mail servers, but only if the recipient’s provider supports it. Most servers negotiate TLS opportunistically and fall back to plaintext when they cannot, unless your gateway enforces TLS for that domain (for example through MTA-STS or a forced-TLS policy). TLS says nothing about who the recipient is, and the message is stored unencrypted in the mailbox once delivered.
    • S/MIME is end-to-end: the email’s text and attachments are encrypted to the recipient’s certificate, so only the holder of the matching private key can decrypt them, and the sender’s signature lets the recipient verify who sent the message. Headers, including the subject line, are not encrypted. Because you need the recipient’s certificate before you can encrypt, S/MIME doubles as a recipient check: a mistyped address normally has no certificate on file.
  • Enable read receipts and access logs: Tracking access helps confirm that the intended recipient, and no one else, opened the message. Some email security platforms provide access logs, read receipts, and real-time notifications when an email is viewed. Treat ordinary read receipts as a hint rather than proof: the recipient’s client can decline to send them, and a receipt from the wrong mailbox tells you only that a mistake has already happened. Access logs from a secure portal, where the recipient authenticates before viewing, are the more reliable record.
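As an added illustration of the allowlist and manual-verification points above (example code written for this page, not code from the original article or from any particular email product), the following Python pre-send check parses a To/Cc header value, accepts only recipients on a constructed allowlist of domains and addresses, and flags domains that are within a couple of character edits of an allowed one, which is what an autocomplete slip or a lookalike domain usually looks like. The allowlist contents, the edit-distance threshold and the "hold for manual verification" outcome are assumptions made for the example.

```python
"""Pre-send recipient check: allowlist plus lookalike-domain detection.

Added example for this article, not code from the original page. The
allowlist below is constructed sample data standing in for an
organisation's maintained list of verified domains and addresses.
"""
from email.utils import getaddresses, parseaddr
from typing import List, NamedTuple, Tuple

# Constructed sample allowlist (hypothetical organisation data).
ALLOWED_DOMAINS = {"example-health.org", "partner-clinic.example"}
ALLOWED_ADDRESSES = {"records@county-hospital.example"}

# A domain this close (in character edits) to an allowed domain is reported
# as a lookalike rather than silently blocked, so the sender is told why
# the message was held. Threshold is an assumption for the example.
LOOKALIKE_MAX_EDITS = 2


class Verdict(NamedTuple):
    address: str
    status: str   # "allowed", "lookalike" or "blocked"
    note: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_recipient(raw: str) -> Verdict:
    """Classify one recipient. The display name is ignored; only the
    address part is compared, after lower-casing."""
    _, addr = parseaddr(raw)
    addr = addr.strip().lower()
    if "@" not in addr:
        return Verdict(raw, "blocked", "not a parseable email address")
    _, domain = addr.rsplit("@", 1)

    if addr in ALLOWED_ADDRESSES or domain in ALLOWED_DOMAINS:
        return Verdict(addr, "allowed", "on allowlist")

    # Not on the list: is it a near miss for a domain that is?
    for good in sorted(ALLOWED_DOMAINS):
        if edit_distance(domain, good) <= LOOKALIKE_MAX_EDITS:
            return Verdict(addr, "lookalike",
                           f"domain resembles allowed domain {good}")
    return Verdict(addr, "blocked", "domain not on allowlist")


def check_recipients(header_value: str) -> List[Verdict]:
    """Check every address in a To/Cc header value."""
    return [check_recipient(addr) for _, addr in getaddresses([header_value])]


def may_send_phi(header_value: str) -> Tuple[bool, List[Verdict]]:
    """Gate decision: PHI may go out only if every recipient is allowed.
    Anything else is held so a human can verify the address manually."""
    verdicts = check_recipients(header_value)
    return all(v.status == "allowed" for v in verdicts), verdicts


if __name__ == "__main__":
    # Constructed header: one good address and one autocomplete-style slip.
    ok, results = may_send_phi(
        "Dr Jones <dr.jones@example-health.org>, dr.jones@examp1e-health.org")
    for v in results:
        print(f"{v.status:9} {v.address}: {v.note}")
    print("send allowed" if ok else "held for manual verification")
```

In a real deployment the check would run in the mail gateway or a DLP rule on messages classified as containing PHI, and the "lookalike" and "blocked" verdicts would trigger the manual confirmation steps above rather than a hard rejection, so that a legitimate new recipient can still be added to the allowlist after being verified by phone or directory lookup.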

FAQs

How can I ensure my email provider is HIPAA compliant?

Check that the provider encrypts PHI in transit and at rest, stores it with access controls and audit logging, and will sign a business associate agreement (BAA). A BAA is required under HIPAA for any vendor that handles PHI on your behalf, so a provider that will not sign one cannot be used for PHI regardless of its technical features.

What should I do if I accidentally send PHI to the wrong recipient?

Immediately notify your organization’s IT or compliance team and attempt to recall the email, bearing in mind that recall generally works only when the recipient is on the same mail system and has not yet opened the message, so treat a message that could not be recalled as disclosed. Ask the recipient to delete it and confirm that they have done so, and document the incident so the compliance team can assess it under the HIPAA Breach Notification Rule.

Read also: When PHI is sent to the wrong email address