SmarterMail HIPAA/FINRA/SOX Compliance

What makes email HIPAA, FINRA or SOX compliant?

There are several U.S. regulatory agencies/requirements that have a stake in email compliance, including:

  • Sarbanes-Oxley (sometimes called SOX) - related to investments and securities
  • HIPAA - related to the protection and privacy of health information
  • FINRA - related to investments and financial advisors

Some countries, especially in the European Union (EU), have similar regulations under different names. These agencies and regulations cover a broad range of policies and practices, of which email is only one part. Even though they are separate regimes, all of them impose similar requirements when it comes to email:

  • The email must be secure.
    SmarterMail has no known vulnerabilities and includes important intrusion detection features, meaning that it is hard to break into (hack) the SmarterMail server and attempts to do so trigger alerts. Additionally, SSL should be enabled for mail traffic in transit to and from the server.
  • The email must be private.
    The email system must have reasonable protections to prevent unauthorized users from seeing email or information that they have no direct business in seeing. This means that a solid password system and permission tiers must be set up to adequately prevent unauthorized access to accounts, even by other authorized users. SmarterMail has an industry-standard architecture in place for this requirement.
  • The email must be adequately archived.
    In case something unforeseen goes wrong, investigators need the ability to review all material effectively. This means that the email system must archive all emails (even those that have been intentionally deleted or moved), and this archive must be reasonably searchable at the system admin level. SmarterMail has an archive system that is both robust and easily searchable.

Is SmarterMail compliant with HIPAA, FINRA and SOX regulations?
It can be difficult to keep track of the various changing requirements, but SmarterTools has made every effort to ensure that SmarterMail fully complies with them. While SmarterMail can handle messages, users, and archiving in a compliant manner, it should be noted that the mail server relies on a compliant network to transfer emails to and from the server. If you have any questions about the compliance of your network, you should contact a network specialist to assist you with this aspect of your infrastructure.


Feedback

Is there a plan to add email encryption to SmarterMail at least at the domain level? Encrypted emails such that the webmail interface is rendered useless, and only email clients, with some form of encryption software added, will be able to read or send readable emails?
Michael Muller (6/28/2018 at 7:44 AM)
Hi Michael. At this time, we don't have this type of feature planned. However, I have added your request to our discussion list for product suggestions. Thank you!
Andrea Free (6/28/2018 at 1:05 PM)