Setting up HIPAA email in openemr

I did not see a way to set up email service from openemr, especially for portal notification, that was in one place. There are bits here and there, and from them I could not come up with a road map to implement HIPAA compliant email service in openemr. I have seen a drift away from SMTP, and I wonder if anyone can direct me to a link that will show how to achieve that goal.

Email end to end encrypted, with the best way to store and archive emails encrypted for 6 years with their attachments, and if a third party is needed, what do you recommend (that accepts a business associate agreement to comply with HIPAA)?

Hello @Mohammad
As of yet OpenEMR has no email client included in its codebase so HIPAA-compliant email is not possible from OpenEMR.

One may configure notifications to be sent to a patient’s email address from the EMR but they do not contain PII. The Patient Portal has a messaging function that communicates between the patient using the portal and the practice staff using the EMR. But those messages never leave the OpenEMR server so they are not actual email, even though the interface resembles it.

End-to-end encrypted email directly from OpenEMR would be quite an attractive feature but it would take quite a bit of work. Since workarounds are available it is a low priority for development.
Best- Harley


HIPAA secure email is important for obvious reasons: communication is going to be established with patients (SMS is not enough; even with Doximity secure HIPAA texting with patients, more is needed in real day-to-day practice that will require email).

Would you please direct me to the workaround you referred to in the reply? Here I am really starting to see one block after another being added to the cost, where at the end it may not be far from a complete commercial suite that will have everything in it; I mean adding Rx module, communication through email, hosting in a secure HIPAA compliant server with all the bells and whistles of backing up, restoring and VPS……etc etc (I am factoring in the aws openemr standard hosting here).

So any link to a low cost workaround for secure email is greatly appreciated.

Several of our customers have simply signed up with the paid HIPAA-compliant business gmail account and used it in a separate browser or browser window from their OpenEMR. And of course multiple other compliant email services are on offer so one has options besides google.

This forum’s search tool (magnifying glass at top right of screen) is very useful. I searched on ‘hipaa sms’ and got several results. You might try it for other related queries.

Here’s one result that seems very relevant to your post:

Best of luck on your quest!

  • Harley

I searched and searched; all I found was not what I asked. It is a HIPAA requirement to retain all the emails for 6 years, encrypted and safe; you may need to reproduce the communications if circumstances dictate. Those communications will include uploading driver’s licenses, consent letters for minors, insurance cards…etc…! So the solution needs to address not only the communication but the storage of it, encrypted and safe, too.

I will look into the Gmail HIPAA option and see what they offer and what the cost is. Thank you for the link.

HIPAA burden is on our shoulders and it is not just the protocol…!

  1. Get google workspace gmail account
  2. Sign a BAA agreement with google –> instant HIPAA compliance (TLS 1.2-TLS 1.3 encryption)
  3. Email credentials in globals under notifications.

I believe there is a bug in openemr when it comes to sending emails.
My email server rejects my emails because the sender is “www” rather than “www@domain.com”. I just have not had a chance to post a bug in github, nor troubleshoot the issue myself.

My thinking is that the servers out there like google and others (I forget their names) are able to just add the @domain.com part automatically.

Also, when sending messages, openemr sends messages to all my patients not just those who are scheduled for that particular day. Again, I have not had the chance to post a bug report or to make images.

I am not able at all to send email notification from portal to patient; it only gives me the option to print and then the screen says email is not sent. I did put gmail credentials and opened port 587 for gmail using TLS, no success. Any reason why?

I have read a thread about replacing cron_email-notification.php and cron_functions.php to no avail?

Did you use smtp.gmail.com for SMTP Server Hostname?
Did you use SMTP for Email Transport Method?

Notification Email Address, Patient Reminder Sender Email, and SMTP User for Authentication should all be the same email.
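
An added example, not part of any post in this thread and not OpenEMR code: a pre-flight check for the settings the checklist above names, which also catches a bare sender such as “www”, plus an optional live probe that confirms STARTTLS with TLS 1.2 or later and an accepted login without sending any mail. The dictionary keys and the sample values are constructed for the example.

```python
import smtplib
import ssl
from email.utils import parseaddr

# Hypothetical dict keys -> field labels named in the thread (not OpenEMR's internal names).
FIELDS = {
    "notification_email": "Notification Email Address",
    "reminder_sender": "Patient Reminder Sender Email",
    "smtp_user": "SMTP User for Authentication",
}

def is_full_address(value):
    """True only for user@domain.tld; a bare local part such as 'www' fails."""
    local, sep, domain = parseaddr(value or "")[1].rpartition("@")
    return bool(local and sep and "." in domain)

def check_settings(s):
    """Return a list of problems; an empty list means the checklist passes."""
    problems = []
    if str(s.get("transport", "")).upper() != "SMTP":
        problems.append("Email Transport Method is not SMTP")
    if not s.get("host"):
        problems.append("SMTP Server Hostname is empty")
    for key, label in FIELDS.items():
        if not is_full_address(s.get(key)):
            problems.append(f"{label} is not user@domain: {s.get(key)!r}")
    if len({str(s.get(k, "")).lower() for k in FIELDS}) > 1:
        problems.append("the three addresses are not identical")
    return problems

def tls_context():
    """Verify the server certificate and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def probe(host, port, user, password, timeout=10):
    """Live check (needs network): STARTTLS, then login; no message is sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=tls_context())  # raises if STARTTLS is not offered
        smtp.login(user, password)            # e.g. a provider app password
        return smtp.sock.version()            # negotiated protocol, e.g. 'TLSv1.3'

# Constructed sample: the reminder sender is the bare 'www' mentioned in the thread.
SAMPLE = {"transport": "SMTP", "host": "smtp.gmail.com",
          "notification_email": "clinic@example.com",
          "reminder_sender": "www", "smtp_user": "clinic@example.com"}
```

Running `check_settings(SAMPLE)` reports the bare sender and the mismatch; `probe()` run from the OpenEMR host separates a provider or firewall problem from an application one.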

I realized that gmail does not accept “less secure” third party any more……I have to look for other options for email.

Under security, you can’t turn “less secure app” to on? If not, then this must have changed no more than 6 months ago, because I read that too but was able to get it working like in August of 2022.

removed completely from my security tab, the switch is not there

I do not think this is the culprit; in gmail there is a workaround, which is using an app password that will be used in “devices” that can’t have 2 way verification, so I did generate the password and plugged it in openemr. Not working, does not send email notification.

This is the thread I was referring to:

I compared the php files in my openemr 7 with patch 2 to the php files in the thread and they are different. That was in April 2022, so I would think it was addressed in the patch? Obviously that was not the case. Any advice how to proceed from here?

sendgrid or phone.com or google they all work on v6,v7(1)(2), dev master.
I use them all!

I signed up for an account with sendgrid, entered credentials in notification openemr, still does not send email for PP, just print option. Port 25 (among accepted ports for TLS with sendgrid) is open?

where are you trying to send an email from?

I go to the patient dashboard…> PP/API access…> I click on Credentials …> reset… It populates the patient’s email as user name and the password with account name, then gives me an option to print. Since I want to send email I cancel (or I print either way); it does not send the email and gives me this notification

I did get the API key and password from sendgrid and plugged them in Notifications for SMTP and opened port 25.

I use port 587; however, while it is working in master I think there is a problem in v7!
I’m looking into…