How to enhance privacy when posting through PostalMethods (for HIPAA and other purposes)

Some users - such as US healthcare entities who are required to abide by HIPAA guidelines, and financial institutions worldwide - have enhanced privacy requirements from messaging providers, such as PostalMethods.

While PostalMethods does not fall into any of the HIPAA "covered entity" categories, as potential Business Associate we have implemented several privacy-enhancing features and procedures, and suggest that you apply the following measures:

Use SSL to send your message

We enable SSL-secured communication to our Web Service servers via https://api.postalmethods.com/PostalMain.asmx, so that sensitive information, such as potentially patient-identifying information, can be submitted securely.

Use the Enhanced Privacy feature

This setting may be selected through the control panel under User Settings -> Security -> Advanced Settings. It is intended to keep patient-identifying information on our servers no longer than is necessary to print a letter or to announce its failure (several minutes). When set, images of letters sent through the service, as well as temporary files, are immediately deleted from our servers upon completion.

Don't place patient-identifying, or otherwise confidential, information into any data fields

Make sure that confidential information is only present in the body of your outgoing mail. All other parts of a transaction are retained indefinitely for billing purposes, so don't insert confidential information anywhere except in the mail itself. For example, the email subject line and the MyDescription Web Service field, are also displayed as part of the Control Panel Activity and so are stored for long periods in our databases.