Blog: Introduction to Encrypted Email APIs
Despite the growth in messaging options beyond email (such as chat, social media IM, texting), email is still the most frequently used channel – particularly for business communications – and email usage is still growing. Email is often the preferred method for exchanging files and data from inside applications and as part of workflows to complete the business processes and transactions. Integrating email communications into business processes with email APIs is not new – or difficult, but when the message or attachment contains sensitive and regulated content – like PHI or PII – things can get cumbersome in a hurry.
Most email encryption solutions designed for handling PHI and PII are siloed services with separate logins, user interfaces and multi-step processes which complicate the information exchange and frustrate senders and recipients. At a time when digital transformation and improving customer experience are high priorities – that presents a real problem. Especially if you are in the business of exchanging sensitive information all day, every day (healthcare, insurance, financial services, and related government agencies). Sending a secure message, email or file should be a standard feature of the application you are using to conduct your business (be it enterprise, cloud, web or mobile application).
Enter the encrypted email API. Utilizing an encrypted email API and web service is often the quickest and most efficient way to secure PHI / PII information in transactional business workflows that require secure email and attachments.
An encrypted email API enables a software developer to add secure messaging features to an application. The API ‘calls’ an encrypted email webservice with a request to encrypt the message and attachments, and deliver them to the intended recipient (generally to any known email address). By using an API, the developer can easily embed the secure email feature into the application user interface to make it a seamless part of the user experience and work process. Various levels of user authentication can be leveraged to eliminate extra steps while maintaining trusted security and verifiable compliance. The host application itself can be almost anything – employee work environs such as contact centers and CRMs, and/or customer facing apps such as self-service portals and mobile apps – including any number of industry specific applications such as electronic medical records systems, practice management systems, patient portals, insurance underwriting software or online banking services. Consumed as a communication feature via APIs, secure email and file attachments become an efficient, streamlined part of the business process instead of a separate application unto itself, with all the user overhead that entails.
How to use an encrypted email API – some common use cases
There are many ways to use encrypted email APIs – just think about all the ways you communicate that are imbedded in other applications or systems. From the health data collected in an app on a watch to a portal that customers use to send financial documents, there are innumerable ways sensitive data is being – or could be– transferred in an application or program. Here are a few use cases we’ve seen for using encrypted email APIs.
- Secure message center functionality integrated via API into a high-volume financial client services portal. This ensures seamless advisor support, complete access to past messages and no disruption to familiar communications – all while advancing data security compliance.
- Using APIs to integrate seamless secure messaging into your insurance payer customer experience portal platform. This integration provides a way for your customers’ members to send secure emails containing PHI from your customers’ front end using your platform, eliminating the need for members to use another method (2ndportal, mail or fax) to send the documents. Tasks like applying for insurance can also be accomplished through the portal – even sending the application forms.
- Providing remote assistance to patients and healthcare providers for care coordination:From your portal you can enable automated sending of DocuSign patient consent forms to enrolled patients, with patient reply. The patient case # and patient specific DocuSign link are embedded in the encrypted message via API.
- Connecting your mobile app to your help desk: Imagine (in just a few hours) building a fully-functioning proof of concept that handles application integration using email encryption RESTful APIs on one half of the workflow, and seamlessly connects your new help desk platform on the other. Your security and compliance teams check it out and the PHI message flow is indeed encrypted and HIPAA compliant – round trip from the customer to the service rep and back again.
- Sending employee credentials notifications: Using systems like Google Apps or Amazon AWS with email encryption APIs, you can speed up the process of giving (and revoking) employee access to secure systems like VPNs and other internal databases and systems by having the system securely notify the employee of their new credentials, automatically. This saves a lot of time for fast growing SaaS, service and software companies.
These are just a few of the ways we’ve seen customers integrate encrypted email APIs into everyday business processes, both back-end and customer-facing. The organizational impacts are not just the cost and process efficiency of the digital transformation, but also better experiences for their customers.