I am evaluating options to choose email providers for a HIPAA-compliant web application. I understand that, if the email contains any form of PHI, it would be violating the HIPAA rule, especially if the email is not encrypted.
What if the email that is being sent only contains a link to log in and nothing else? Would it still be a violation of HIPAA? I am concerned about the part where email is identified as PHI in the list of PHIs. So, would the recipient email address itself be considered PHI and violate HIPAA?