1. Home
  2. Compliance
  3. HIPAA
  4. HIPAA Onboarding and Installation

HIPAA Onboarding and Installation

This article provides onboarding resources and installation steps for Secure Email and Vault to help you get started.


Overview

HIPAA regulations aim to protect the privacy and security of people’s health information and give them certain rights over their information. HIPAA stands for Health Insurance Portability and Accountability Act. It is a United States law that was passed in 1996 to protect the privacy of people’s Protected Health Information (PHI).

Using XQ’s Encrypted Email and Vault products, you can protect PHI from unauthorized access throughout its lifecycle.


Onboarding Resources

Contact Support

The XQ support team is dedicated to helping you troubleshoot issues, providing resources, and answering any questions you may have about the platform.

See How to Contact Support for more information on the types of support we offer and tips for contacting support.


Step 1 – Setting up XQ

  1. Create an XQ account and log in to your XQ Dashboard
  2. Send your team ID to your XQ account representative or to support@xqmsg.com in order to be granted your software licenses. 
  3. After logging into your XQ Dashboard, we recommend adding team members.
    1. This step and the next can also be done via an Entra (AD) Integration.
  4. Assign your team members the required licenses for both Email and Vault. 

Note: An active XQ license is required for future steps (using Vault specifically), so it is recommended that you wait until they are available before proceeding further.


Step 2 – Setting up Secure Email

Installation steps differ depending on the email client you use. To meet CMMC compliance requirements, you can use Secure Email with either Outlook or Gmail.

See the Email Deployment Guide to get started.

Outlook

  • Outlook users can install Secure Email using XQ’s Secure Outlook Add-In. Using the Secure Outlook Add-In, users can encrypt messages and attachments directly from their Outlook account. This installation method must be completed on each account individually.
  • Outlook admins can also install XQ’s Secure Outlook Add-In for their entire Microsoft 365 Group. This installation method is suitable for integrating XQ into your whole team’s Outlook email accounts.

In order to enable the required functionality, an administrator needs to Grant admin consent for XQ Cloud Link – Azure.

Gmail

  • Gmail users can install Secure Email using XQ’s Chrome Extension. With the Chrome Extension installed, users can encrypt messages and attachments directly from their Gmail accounts. This installation method must be completed on each account individually.
  • Google admins can also install XQ’s Chrome Extension for their entire group. This installation method is suitable for integrating XQ into your whole team’s Gmail accounts.

Step 3 – Deploying Vault

The XQ Vault allows you to store PHI on your own infrastructure and track who accesses it. Vault helps you meet HIPAA requirements in the following ways:

  • Protect each file with its own separate quantum-resistant encryption and keep it stored on your cloud
  • Store your data in a desktop folder synced to the cloud
  • Use XQ’s no size limit rule to store larger amounts of data at a fraction of the cost of other services
  • Track and audit every interaction with your data in one place

To use Vault, you can have an administrator deploy the product broadly or have end-users download and install it themselves. Once installed, users will need to log in to the product.


Step 4 – Configure the Vault folder

Vault can be used with Sharepoint/OneDrive, Google Drive, or even a local folder. 

Sharepoint/OneDrive
  • With Vault, files can be stored securely and synced to each team member with Sharepoint/OneDrive. To do this effectively, files need to be stored in a OneDrive Shared Library or a SharePoint Site. In order to sync files from SharePoint/OneDrive to team devices, the OneDrive app must be installed. Instructions can be found here for individual deployment
  • Once your file location is configured and the Sync App is on team devices, it is important to “Sync” this new location with the device so it is accessible on each device. This can be done by each individual or via admin control. Microsoft has guidance on this for Windows devices as well as Mac devices.
Google Drive
  • With Vault, files can be stored securely and synced to each team member with Google Drive. To do this effectively, files need to be stored in Google Drive. In order to sync files to team devices, Drive for desktop must be installed. Instructions can be found here for individual deployment
Local Folder
  • Personal folders work well with Vault, but cannot be synced to the devices of other team members.

Step 5 – Set up HIPAA-Specific Data Policies

We recommend using our Data Loss Prevention and Data Access Policies to implement HIPAA compliant business practices within the inbox of each team member.

Updated on February 26, 2024
Was this article helpful?

Related Articles