One of the questions I ask during an in-depth Risk Assessment is to see any mobile phones that access or store office email. I’d say 90% of the time the iCloud settings are on for iPhone users since that is the default, and most people don’t change that. This means Apple is storing a copy of all of your emails, and if you have PHI in those emails, you could be violating HIPAA.
Email providers become Business Associates when they are engaged to create, receive, maintain or transmit Electronic Protected Health Information — even an xray. Yet, most email providers clearly state in their terms & conditions that they assume no liability for what you put in those emails.
Try as you might, you can’t make them secure your email. The standard of care for emails is to use a secure system to encrypt messages. We recommend EmailDDS (www.emaildds.com), then again, we are a little biased since it’s our creation….