Encrypt Claim Summaries and EOBs Containing PHI Before Sending to Claimants
Insurance claims documents — explanation of benefits, claim denial letters, adjuster reports, and settlement statements — contain protected health information and personal financial data that must be encrypted in transit. Deliteful's PDF Protect tool adds password protection to any claims PDF before it reaches a claimant's or provider's inbox.
Health insurers, TPAs, and workers' compensation carriers transmit PHI-bearing documents to claimants and providers daily. Under HIPAA's Security Rule, covered entities and business associates must implement encryption for PHI in transit. An EOB sent as an unprotected email attachment — containing diagnosis codes, provider names, and payment amounts — is a straightforward HIPAA violation if the recipient's email is not end-to-end encrypted. Password-encrypting the PDF is the document-level control that closes this gap regardless of the transmission channel.
Deliteful processes claims documents in seconds: upload the PDF, set a password, download the encrypted file. One credit per document. For high-volume claims operations, batch uploads let teams protect multiple EOBs or claim summaries in a single session using a shared password — appropriate when distributing a batch to a single provider or claimant. The encrypted PDF preserves all claim line items, HCPCS codes, and payment details exactly as formatted in the original.
How it works
- 1
Export the claims document from your TPA or claims platform
Generate the EOB, claim summary, adjuster report, or settlement statement as a PDF.
- 2
Upload to Deliteful and set a claimant-specific password
Use a password derivable from non-public claimant data — a claim number combined with date of loss works well and can be communicated verbally.
- 3
Download the encrypted claims PDF
The HIPAA-compliant protected file is ready immediately — attach it to your outbound communication.
- 4
Deliver the password through a separate channel
Call the claimant or provider with the password — never include it in the same email as the document.
Frequently asked questions
- Are insurance carriers required to encrypt EOBs sent by email?
- Health insurers who are HIPAA covered entities must implement encryption for PHI in transit under 45 CFR § 164.312(e)(2)(ii). EOBs containing diagnosis codes, procedure codes, and provider payment amounts are PHI. Sending them unencrypted by email is an addressable security gap that HHS has cited in enforcement actions. Password-protecting the PDF before transmission satisfies this requirement when the password is distributed separately.
- Does PDF encryption apply to workers' compensation claim documents?
- Workers' compensation carriers are not always HIPAA covered entities, but they handle sensitive medical and financial information that is subject to state privacy laws and industry standards. Encrypting claim documents containing medical treatment details, wage information, and settlement amounts is a reasonable security practice regardless of HIPAA applicability.
- Can I batch-encrypt a set of EOBs for a single provider?
- Yes. Upload multiple EOBs in one Deliteful session, set a shared provider-specific password, and download all encrypted files at once. This is efficient for monthly provider remittance batches. Use a different password per provider to contain exposure if any one provider's password is compromised.
- What if a claimant cannot open the password-protected PDF?
- Any modern PDF viewer — Adobe Acrobat Reader (free), Preview on Mac, or a browser — supports standard PDF encryption. The claimant simply enters the password when prompted. If they have difficulty, walk them through it by phone: open the file, enter the password at the prompt, and the document opens normally. The one-time setup is minimal.
Create your free Deliteful account with Google and encrypt your next batch of claims documents before they go to claimants or providers.