Page Comparison

Recently, we've got an inquiry about how S/Notify Email Encryption for Jira and Confluence could help with HIPAA compliance. This was an interesting question, and I'd like to share our findings with you.

...

Encryption is an important element of HIPAA compliance for email. The method of encryption is not specified in HIPAA, but HIPAA-covered entities can obtain up to date guidance on encryption from the National Institute of Standards and Technology (NIST), which currently recommends the use of Advanced Encryption Standard (AES) 128, 192 or 256-bit encryption in its latest publication SP 800-45 Version 2 (see References). The following is quoted from this publication:

S/MIME

Image RemovedImage Added

The most significant feature of S/MIME is its built-in and nearly “automatic” nature. Because of heavy industry involvement from manufacturers, S/MIME functionality exists with default installations of common mail clients such as Mozilla and Outlook Express. 

...

Email encryption is considered an appropriate solution to to cover Transmission Security, and, within this area, is able to cover both, Integrity Controls and Encryption. As a consequence, if you use Jira (including Jira Service Desk) and Confluence to manage any protected health information (PHI), S/Notify is perfect to get you covered with regard to the transmission security of email notifications. S/Notify currently supports S/MIME encryption with AES-256, as recommended by NIST for highest security.

...

• Digital Guardian: What is HIPAA compliance?
• US Department of Health and Human Services: Summary of the HIPAA Security Rule
• HIPAA Journal: HIPAA Compliance for Email
• US Department of Health and Human Services: HIPAA - Technical Safeguards - PDF
• National Institute of Standards and Technology: Guidelines on Electronic Mail Security
• IOSR Journal of Engineering: Comparative Study Of AES, Blowfish, CAST-128 And DES Encryption Algorithm

Images from Wikimedia Commons (except S/Notify)