I did not see a way to set up email service from openemr especially for portal notification that was in one place, there are bits here and there and from them I could not come up with a road map to implement HIPAA compliant email service in openemr , seen a drift away from SMTP, and I wonder if any one can direct me to a link that will show how to achieve that goal.
Email end to end encrypted , with best way to store and archive emails encrypted for 6 years with their attachments , and if third party needed what do you recommend ( that accepts business associate agreement to comply with HIPAA)
Hello @Mohammad
As of yet OpenEMR has no email client included in its codebase so HIPAA- compliant email is not possible from OpenEMR.
One may configure notifications to be sent to a patientās email address from the EMR but they do not contain PII. The Patient Portal has a messaging function that communicates between the patient using the portal and the practice staff using the EMR. But those messages never leave the OpenEMR server so they are not actual email, even though the interface resembles it.
End-to-end encrypted email directly from OpenEMR would be quite an attractive feature but it would take quite a bit of work. Since workarounds are available it is a low priority for development.
Best- Harley
HIPAA secure email is important for obvious reason, a communication is going to establish with patients ( SMS is not enough, even with Doximity secure HIPAA texting with patients there is more needed in real day to day practice that will require email)
Would you please direct me to the workaround you referred to in the reply, and here I am really started seeing adding one block after another to the cost where at the end it may not be much far from a complete commercial suite that will have everything in it , I mean adding Rx module, communication through email , hosting in secure HIPAA compliant server with all the bells and whistles of backing up restoring and VPSā¦ā¦etc etc ( I am factoring the aws openemr standard hosting here).
So any link to a low cost workaround for secure email is greatly appreciated.
Several of our customers have simply signed up with the paid HIPAA- compliant business gmail account and used it in a separate browser or browser window from their OpenEMR. And of course multiple other compliant email services are on offer so one has options besides google.
This forumās search tool (magnifying glass at top right of screen) is very useful. I searched on āhipaa smsā and got several results. You might try it for other related queries.
Hereās one result that seems very relevant to your post:
I searched and searched, all I found was not what I asked, It is HIPAA requirement to retain all the emails for 6 years encrypted and safe, you may need to reproduce the communications if circumstances dictate. those communications will include uploading driverās liscences, consent letters for minors, insurance cardsā¦etcā¦! so the solution needs to address not only the communication but the storage of it encrypted and safe too.
I will look into the Gmail HIPAA option and see what do they offer and what is the cost . thank you for the link.
HIPAA burden is on our shoulders and it is not just the protocolā¦!
I believe there is a bug in openemr when it comes to sending emails.
My email server rejects my emails because the sender is āwwwā rather than āwww@domain.comā. I just have not had a chance to post a bug in github, nor trouble shoot the issue myself.
My thinking is that the servers out there like google and others (I forget their names) are able to just add the @domain.com part automatically.
Also, when sending messages, openemr sends messages to all my patients not just those who are scheduled for that particular day. Again, I have not had the chance to post a bug report or to make images.
I am not able at all to sent email notification from portal to patient , only gives me option to print and then it the screen says email is not sent, I did put gmail credentials and opened port 587 for gmail using TLS, no success, any reason why?
I have read a thread about replacing cron_email-notification.php and cron_functions.php to no avail?
under security, you canāt turn āless secure appā to on? if not than this must have changed no more than 6 months ago because I read that to but was able to get it working like in august of 2022.
I do not think this is the culprit, in gmail there is a workaround which is using app password that will be used in ādevicesā that canāt have 2 way verification, so I did generate the password and plugged it in openemr , not working , does not send email notification.
This is the thread I was referring to:
I compared the php files in my openemr 7 with patch 2 to the php files in the thread and they are different, that was in April 2022 so I would think it was addressed in the patch ? obviously that was not the case, any advice how to proceed from here?
I signed up an account with sendgrid, entered credentials in notification openemr, still does not send email for PP, just print option, port 25 ( among accepted ports for TLS with sendgrid is open)?
I go to the patient dashboardā¦> PP/API accessā¦> I click on Credentials ā¦> resetā¦It populates the patientās email as user name and the password with account name, then gives me an option to print , since I want to send email I cancel ( or I print either way ) it does not send the email and gives me this notification
