I have run into a situation where our medical hosting vendor is needing to send out automatic replies using an onsite SMTP server. I could easily set this up and get it going but my issue is that these automatic replies could easily have PHI (patient health information).
My concern is sending the traffic from our onsite SMTP server to our Office365 email service.
What would be my best course of action that is still HIPAA compliant?
Thank you all in advance for any input.