In the healthcare industry, adhering to the Health Insurance Portability and Accountability Act (HIPAA) is extremely important. HIPAA applies to all workplace communications, including email.
That’s why it’s critical that you invest in a HIPAA-compliant email solution to safeguard both your company and your patients’ privacy.
In this article, we’ll look at some of the most popular HIPAA-compliant email providers on the market right now.
What to Look for in a HIPAA Compliant Email Service?
Encryption is perhaps the most critical feature to look for in a HIPAA-compliant email service, so your company should opt for an email provider that offers end-to-end encryption (E2EE) as standard. With E2EE, a message is encrypted on the sender’s side and can be decrypted only by the intended recipient, so it stays encrypted both in transit and while stored on the provider’s servers.
All emails containing protected health information (PHI) should also adhere to National Institute of Standards and Technology (NIST) rules. NIST requires that email providers use a combination of Advanced Encryption Standard (AES) 128, 192, or 256-bit encryption, OpenPGP, and S/MIME encryption standards in order to be HIPAA-compliant.
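The distinction between provider-side encryption and end-to-end encryption is easy to blur in vendor copy, so the following Go program (an added example written for this article, not code from any provider listed here) models both. In the first model the provider holds the AES-256-GCM storage key, so it can read every stored message even though the data is "encrypted at rest". In the second model the sender generates a fresh message key, encrypts the body with it and wraps that key to the recipient's RSA public key with OAEP, which is the same hybrid shape OpenPGP and S/MIME use; the provider stores the envelope but cannot open it. The patient message and the key sizes are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what an E2EE provider stores: it never sees the plaintext or
// the message key, only the copy of the key wrapped for the recipient.
type Envelope struct {
	WrappedKey []byte // message key encrypted to the recipient's public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-256-GCM ciphertext including the authentication tag
}

// aesGCM builds an AES-256-GCM AEAD from a 32-byte key.
func aesGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAESGCM encrypts plaintext under key with a fresh random nonce; aad is
// authenticated but not encrypted (think message headers).
func sealAESGCM(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	aead, err := aesGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, aad), nil
}

// openAESGCM decrypts and verifies; any tampering with ct or aad fails here.
func openAESGCM(key, nonce, ct, aad []byte) ([]byte, error) {
	aead, err := aesGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, aad)
}

// Model 1: encryption at rest with a provider-held key. TLS on the wire plus
// this is NOT end-to-end: the provider, or anyone who compromises it, reads
// every stored message.
func ProviderEncryptAtRest(providerKey, msg []byte) (nonce, ct []byte, err error) {
	return sealAESGCM(providerKey, msg, []byte("at-rest"))
}

func ProviderReadStored(providerKey, nonce, ct []byte) ([]byte, error) {
	return openAESGCM(providerKey, nonce, ct, []byte("at-rest"))
}

// Model 2: end-to-end encryption. The sender encrypts with a one-time message
// key and wraps that key to the recipient's public key; only the matching
// private key can unwrap it.
func E2EESeal(recipient *rsa.PublicKey, msg []byte) (*Envelope, error) {
	msgKey := make([]byte, 32) // AES-256 message key, generated per message
	if _, err := io.ReadFull(rand.Reader, msgKey); err != nil {
		return nil, err
	}
	nonce, ct, err := sealAESGCM(msgKey, msg, []byte("e2ee"))
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msgKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

func E2EEOpen(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	msgKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap message key: wrong private key")
	}
	return openAESGCM(msgKey, env.Nonce, env.Ciphertext, []byte("e2ee"))
}

func main() {
	msg := []byte("Constructed sample: patient MRN 0000 lab results attached")
	providerKey := make([]byte, 32)
	io.ReadFull(rand.Reader, providerKey)
	nonce, ct, _ := ProviderEncryptAtRest(providerKey, msg)
	got, _ := ProviderReadStored(providerKey, nonce, ct)
	fmt.Printf("at-rest model: provider can read stored message: %v\n", string(got) == string(msg))

	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	provider, _ := rsa.GenerateKey(rand.Reader, 2048) // provider's own key, not the recipient's
	env, _ := E2EESeal(&recipient.PublicKey, msg)
	_, errProvider := E2EEOpen(provider, env)
	got, errRecipient := E2EEOpen(recipient, env)
	fmt.Printf("E2EE model: provider can read: %v, recipient can read: %v\n",
		errProvider == nil, errRecipient == nil && string(got) == string(msg))
}
```

When evaluating a vendor, the question this example makes concrete is "who holds the key that decrypts stored mail?": if the answer is the provider, the service gives confidentiality against outside eavesdroppers but not against the provider itself or a breach of its infrastructure.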
Finally, a HIPAA-compliant email service provider must agree to sign a Business Associate Agreement (BAA). The BAA is a formal agreement that:
- Specifies each party’s duties in relation to PHI.
- Provides information on the permissible and mandated uses of PHI by business affiliates.
- Specifies that business associates will not use or disclose PHI beyond the BAA’s limitations.
- Ensures that business affiliates use adequate PHI protections.
A Quick Overview of HIPAA Compliant Email Services
| Provider | Pricing | |
|---|---|---|
| ProtonMail | €5 – €30 per month; free for personal use | |
| Egress Protect | £80 – £90 per user, per year | Yes |
| Identillect Delivery Trust | $5.95 – $7.95 per user, per month | Yes |
| Hushmail for Healthcare | $9.99 – $39.99 per month | No |
| MailHippo | $4.95 – $7.95 per user, per month | Yes |
| LuxSci | From $60 per month | Yes |
| Paubox Email Suite | $29 – $79 per user, per month | Yes |
| NeoCertified | $59 – $199 per user, per year | Yes |
Best HIPAA Compliant Email Providers: Detailed Overview
ProtonMail provides E2EE to communications at rest and in transit using a mix of AES, RSA, and OpenPGP encryption and transmits emails through a Swiss SSL connection. It also allows you to set expiration periods for encrypted emails so that when they reach their expiration date, they are automatically erased from the recipient’s inbox.
ProtonMail has an interface that is comparable to Gmail’s and is simple to set up and use.
Because ProtonMail is an open-source project, the most basic version of the service is free for personal use. Healthcare organizations, on the other hand, should think about one of its paid plans:
- Plus plan – 5 EUR per month – one user, five addresses, 1,000 messages per day, one custom domain, and 5 GB storage.
- Professional plan – 8 EUR per user, per month – up to 5,000 users, five addresses per user, unlimited messages per day, two custom domains, and 5 GB storage per user.
- Visionary plan – 30 EUR per month – up to six users, 50 addresses, unlimited messages per day, ten custom domains, 50 GB storage, and ProtonVPN.
Egress Protect is a secure HIPAA-compliant email service provider that uses machine learning and E2EE to deliver government and industry-certified security.
It employs AES 256-bit encryption to safeguard data at rest and in transit. Senders retain control over shared data: they can govern how recipients use it and can revoke or adjust access rights in real time.
Egress Protect has received a number of government and industry security certifications and is also GDPR-compliant.
Egress Protect pricing is determined on the total number of users and licenses:
- 2-4 users – £90 per user on a yearly basis
- 5-9 users – £85 per user on an annual basis
- 10-25 users – £80 per user on an annual basis
Identillect Delivery Trust is an excellent HIPAA-compliant email service provider designed with small and medium-sized businesses in mind.
Delivery Trust encrypts emails in transit and at rest with AES 256-bit encryption and transmits them through an SSL/TLS connection with RSA 2408-bit encryption. Furthermore, senders have complete control over their emails. They can limit recipients’ ability to print, forward, or download material, and they can revoke access at any moment.
Delivery Trust also makes use of Ethereum Blockchain Technology, which is a decentralized private ledger system, to assure email integrity and avoid man-in-the-middle attacks.
Prices for Identillect Delivery Trust vary depending on the plan:
- Delivery Trust Individual – starts at $5.95 per month
- Delivery Trust Business – starts at $7.95 per month
Hushmail for Healthcare enables covered entities to send and receive messages containing PHI, using OpenPGP for E2EE.
Hushmail for Healthcare adds further layers of security by requiring two-factor authentication (2FA) for account login and by using an SSL/TLS (Secure Sockets Layer/Transport Layer Security) connection.
Prospective Hushmail for Healthcare users have three payment options:
- For $9.99 per month – a single email account, two secure web forms, as well as 10 GB of storage.
- For $19.99 per month – five email accounts, five secure web forms, 15 GB of storage for each account, and electronic signatures.
- For $39.99 per month – ten email accounts, ten secure web forms, 15 GB of storage for each account, as well as electronic signatures.
MailHippo has built a reputation for making it simple and inexpensive to send secure, HIPAA-compliant emails. You don’t need to configure MailHippo because you can use it with your existing email provider, so you can simply sign up and be ready to go.
MailHippo ensures E2EE using AES 256-bit encryption and 2FA. It also keeps all of its servers in data centers that are HIPAA, PCI DSS, VISA, SSAE 16, and SOC 2 certified, preventing unauthorized third parties from accessing PHI.
There are two available plans:
- The Basic plan – from $4.95 per user, per month – includes features like message recall and branding, and allows for up to 5,000 messages per month and 5 GB storage.
- The Pro plan – $7.95 per user, per month – allows for up to 10,000 messages per month and 10 GB storage, as well as message recall, branding, and message expiration.
LuxSci’s SecureLine encryption service uses a mix of forced Simple Mail Transfer Protocol (SMTP) TLS, Escrow, and PGP and S/MIME certificates to deliver adaptive E2EE for email.
LuxSci provides access restrictions, login audit trails, real-time inbound email filtering, spam flood protection, and tamper-proof archiving in addition to encryption.
If you’re interested in LuxSci’s HIPAA compliant email service, there are three price options available:
- Secure Connector – starting at $70 for 10 users per month
- Secure High Volume Sending – starting at $195 per month
- Secure Marketing – starting at $500 per month
- Secure Email Hosting – starting at $60 for 10 users per month
Paubox Email Suite is simple to use and takes little setup because it integrates seamlessly with your existing email client. Simply sign in, and Email Suite will begin encrypting communications.
Paubox Email Suite employs AES 256-bit encryption, TLS email encryption, opportunistic inbound encryption, and two-factor authentication. Email Suite also includes extra security features, including phishing prevention, spam filtering, and malware scanning.
Paubox Email Suite is available in three price tiers:
- Standard plan — $29 per user, per month — includes real-time email reporting and analytics, on top of the basic security features
- Plus plan — $59 per user, per month — besides features offered in the Standard plan, it also includes inbound security, DomainAge, and ExecProtect
- Premium plan — $79 per user, per month — on top of features offered by the Plus plan, also includes email DLP and email archiving.
There are several methods to access NeoCertified’s HIPAA compliant email service:
- NeoCertified’s Outlook plugin integration allows end-users to write, send, and receive secure communications using the Outlook program.
- Customer Connect uses NeoCertified’s secure online gateway to allow end-users to create and send messages directly from their organization’s website.
- For bigger healthcare companies, NeoCertified provides an encrypted API integration that allows end-users to access Customer Connect through their organization’s business application.
Regardless of which option you select, all messages are encrypted using AES-256 and are HIPAA and HITECH compliant.
NeoCertified has four pricing plans:
- Non-Profit – from $59 per user, per year
- Standard – from $99 per year
- Enterprise – from $79 per year (50+ users required)
- Gold – Power User – from $199 per year
Jatheon Provides an Additional Layer of Security Through Archiving
Hopefully, this list will help in your hunt for the best HIPAA compliant email service for your healthcare organization or business associate.
Do you want to make certain that all of your bases are covered? Jatheon adds an extra layer of security. Our email, text/SMS message, and social media archiving solutions enable healthcare businesses to easily preserve PHI and other sensitive data in secured archives, with integrated redaction of all PII and PHI before export and sharing with third parties for open data and eDiscovery requests.