March 18, 2024 by Steven Tobolar

Top 8 HIPAA Compliant Email Service Providers

Compliance is a very important aspect of the healthcare industry and adhering to strict HIPAA requirements can be hard without a HIPAA compliant email service.

Under the Health Insurance Portability and Accountability Act (HIPAA), you are required to safeguard both your and your patients’ privacy.

This is why choosing the right HIPAA email service and archiving solutions is crucial.

In this article, we look at eight of the best HIPAA compliant email service providers on the market and guide you to make the right choice.

What’s inside:

  • Features to look for in an email service to meet HIPAA standards
  • An overview of HIPAA-compliant email providers
  • Reasons why email archiving can help

What to Look For in HIPAA-Compliant Email Providers?

Before choosing your email service provider, you need to understand what features you need it to have.

There are six important factors to consider:

  • Encryption — Your email service must use robust HIPAA email encryption protocols and include end-to-end encryption (E2EE) as a standard. Encryption is the most critical feature to look for as it offers a layer of protection to your email.
  • Access Control and Authentication — Look for an email service that offers stringent access control and multi-factor authentication that will prevent unauthorized access to protected health information about patients.
  • Data Storage Policies — Understand where your email data will be stored when opting for certain HIPAA email providers and ensure it complies with HIPAA regulations. This will be crucial when you start archiving your data.
  • Audit Trails — A HIPAA-compliant email service needs to provide a way for you to monitor activity on your email server and perform audit trails of taken actions.
  • Support — Assess your needs and how much support you will need from your email service provider. Look at their reviews, support responsiveness, and types of training they would provide for your team.
  • Business Associate Agreement (BAA) — Your chosen service provider must agree to a signed BAA specifying each party’s duties regarding PHI, providing information on the uses of PHI, and ensuring business affiliates use adequate PHI protection.

Now that you understand what to look for, let’s get a brief overview of the best HIPAA-compliant email service providers on the market.

A Quick Overview of HIPAA-Compliant Email Service Providers

Name Features Pricing Free Trial
  • Combination of AES, OpenPGP, and RSA cryptography
  • SSL connection
  • Doesn’t track or log personally identifiable information
  • Open-source software code
  • Email expiration
  • Servers are stored in nuclear bunkers underground
€8 – €11 per month for the business plan Yes
Egress Protect
  • AES-256 bit encryption
  • Multiple government and industry certifications
  • Audit logs and message restrictions
  • Full revocation capabilities
  • Single sign-on (SSO)
  • Custom email security policies
  • AI-enabled smart authentication
  • Investigate 365 analytics tool
  • Outlook and O365 integration
  • Enhanced mobility
£90 per user, per year Yes
  • AES 256-bit encryption
  • RSA 2408-bit encryption
  • SSL/TLS connection
  • Ethereum Blockchain Technology
  • Full revocation capabilities
  • Gmail, Outlook, and O365 add-ins
  • Web-only version
$7.95 per user, per month Yes
  • OpenPGP encryption
  • SSL/TLS connection
  • Two-factor authentication
  • Unlimited email aliases
  • Custom domain names
  • Email archiving
  • Mobile-friendly
$11.99 – $47.99 per month No
  • AES 256-bit encryption
  • Uses HIPAA, VISA, PCI DSS, SOC 2, and SSAE 16 compliant data centers
  • Two-factor authentication
  • Access logs
  • Mobile-friendly
  • Proprietary SendSafe address
$4.95 – $7.95 per user, per month Yes
  • SMTP TLS encryption
  • Escrow encryption
  • PGP and S/MIME encryption
  • HITRUST CSF certified
  • Login audit trails
  • Access controls
  • Spam protection
  • Email filtering
  • Tamper-proof archiving
Custom Yes
  • AES 256-bit encryption
  • Opportunistic inbound encryption
  • Blanket TLS email encryption
  • Two-factor authentication
  • Virus scanning
  • Phishing protection
  • Spam filtering
  • Email reports
  • Real-time analytics
  • HITRUST CSF certified
$29 – $69 per user, per month Yes
  • AES 256-bit encryption
  • Unlimited send/receive
  • Mobile-friendly
  • Microsoft Outlook plugin integration
  • Co-branded web portal
  • 24/7 customer support
$59 – $199 per user, per year Yes


Industry’s Best HIPAA Compliant Email Providers


ProtonMail Header

ProtonMail differs from other software because it was developed by Swiss scientists and engineers who worked at the CERN laboratory. In addition to high-level data security, ProtonMail provides a BAA — a must for HIPAA compliance.

It provides E2EE to communications at rest and in transit using a mix of AES, RSA, and OpenPGP encryption and transmits emails through a Swiss SSL connection. You can also set expiration periods for encrypted emails, ensuring they are automatically deleted from the recipient’s inbox once they reach their expiration date.

ProtonMail has an interface that’s comparable to Gmail’s and is simple to set up and use.

Its most notable features include:

  • Access to anonymous email accounts.
  • Open-source code.
  • Swiss servers that provide extra security options.

The most basic version of the service is free for personal use. Healthcare organizations, on the other hand, should think about one of its paid plans:

  • Mail Essentials – 7 EUR per month, which gives access to 10 email addresses per user, unlimited folders and labels, 15GB of storage, and 1 free VPN connection.
  • Business Plan – 11 EUR per user, per month gives you 15 email addresses per month, 500GB of storage space, 10 VPN connections, and contact grouping.
  • Enterprise Plan – Custom plan for your organization’s needs with a custom price and more advanced features.


Egress Protect

Egress Protect Header

Egress Protect is a secure HIPAA-compliant email provider that uses machine learning and E2EE to deliver government and industry-certified security.

It employs AES-256-bit HIPAA email encryption to safeguard data at rest and in transit. Users have complete revocation capabilities and the ability to govern how receivers utilize shared data and revoke or adjust access rights in real time.

Its most notable features include:

  • Compliance with CCPA and GDPR regulations.
  • AI-enabled smart authentication.
  • Classified under preventive, protective, and investigative packages.

Egress Protect pricing is determined on the total number of users and licenses where the first 25 users have a fixed £90 per year price, after which you need a quotation.


Identillect Header

Identillect Delivery Trust is an excellent HIPAA-compliant email service provider designed with small and medium-sized businesses in mind.

Delivery Trust encrypts emails with AES 256-bit encryption and transmits them through an SSL/TLS connection with RSA 2408-bit encryption. Furthermore, senders have complete control over their emails. They can limit recipients’ ability to print, forward, or download material, and they can revoke access at any moment.

Delivery Trust also makes use of Ethereum Blockchain Technology, which is a decentralized private ledger system, to assure email integrity and avoid man-in-the-middle attacks.

Most notable features:

  • Add-ons and integrations with various email services like Gmail and Outlook.
  • Recipients can view and reply to email without having to register.
  • Compliant with other industries besides healthcare.

Prices for Identillect Delivery Trust vary depending on the plan:

  • Delivery Trust Business – starts at $7.95 per month



Hushmail Header

Hushmail for Healthcare enables covered companies to receive and send messages that contain PHI using OpenPGP for E2EE.

Hushmail for Healthcare adds levels of security by demanding two-factor authentication (2FA) for account login and employing Secure Socket Layer (SSL)/Transport Layer Security (TLS) connection.

Its most important features include:

  • A separate email archive.
  • Email and phone 24/7 customer support.
  • Mobile and desktop application.

Prospective Hushmail for Healthcare users have three payment options:

  • For $11.99 per month — A single encrypted email account, 10GB of storage, and HIPAA-compliant services.
  • For $24.99 per month — Five email accounts, five secure web forms, 15 GB of storage for each account, and electronic signatures.
  • For $47.99 per month — Ten email accounts, ten secure web forms, 15 GB of storage for each account, as well as electronic signatures. Additional accounts will get bonus discounts.


MailHippo Header

MailHippo has built a reputation for making secure, HIPAA-compliant emails simple and inexpensive.

MailHippo ensures E2EE using AES 256-bit encryption and 2FA. It also keeps all of its servers in data centers that are HIPAA, PCI DSS, VISA, SSAE 16, and SOC 2 certified, preventing unauthorized third parties from accessing PHI.

Some key features:

  • Compatibility with your current email provider.
  • Web and mobile app included.
  • Subscription plans can be canceled at any time.

MailHippo has two pricing plans and a free trial:

  • The Basic plan — from $4.95 per user per month — Includes features like message recall and branding, allows for up to 5,000 messages per month, and 5 GB storage.
  • The Pro plan$7.95 per user, per month — Allows for up to 10,000 messages per month and 10 GB storage, as well as message recall, branding, and message expiration.



LuxSci Header

LuxSci’s SecureLine encryption service uses a mix of forced Simple Mail Transfer Protocol (SMTP) TLS, Escrow, and PGP and S/MIME certificates to deliver adaptive E2EE for email.

LuxSci provides access restrictions, login audit trails, real-time inbound email filtering, spam flood protection, and tamper-proof archiving in addition to encryption.

The most important LuxSci features include:

  • Text messaging, web hosting, video conferencing, and online forms.
  • Easy migration from your current email provider.
  • Tamper-proof archiving.

If you’re interested in LuxSci’s HIPAA-compliant email service their pricing plans are custom-made for each organization by contacting their sales team.


Paubox Header

Paubox Email Suite is a simple-to-use solution that encrypts your email without the need to study a new platform because it integrates seamlessly with your existing email client.

Paubox Email Suite employs AES 256-bit encryption, TLS email encryption, opportunistic inbound encryption, and two-factor authentication. Email Suite also includes extra security features, including phishing prevention, spam filtering, and malware scanning.

Most important features you’re getting:

  • Cross-device usability with a mobile app.
  • Automated spam detection and filtering.
  • Free BAA, meaning it’s fully HIPAA compliant.

Paubox Email Suite is available in three price tiers:

  • Standard plan — $29 per user, per month — includes real-time email reporting and analytics, on top of the basic security features
  • Plus plan — $59 per user, per month — besides features offered in the Standard plan, it also includes inbound security, DomainAge, and ExecProtect
  • Premium plan — $69 per user, per month — on top of features offered by the Plus plan, also includes email DPL and email archiving, and email DLP.



NeoCertified Header

NeoCertified provides you with a HIPAA-secure email solution offering many features to ensure your privacy and security of sensitive information.

Services provided range from their Outlook plugin, allowing end-users to write, send, and receive secure communications using Outlook. Customer Connect allows users to send messages directly through their organization’s website.

For bigger healthcare companies, NeoCertified provides an encrypted API integration that allows end-users to access Customer Connect through their organization’s business application.

Regardless of whatever option you select, all messages are encrypted using AES-256 and are HIPAA and HITECH-compliant.

The most important features include:

  • Accessibility on mobile devices.
  • Easy integration into Outlook and Google services.
  • 24/7 customer support with great FAQs and support videos.

NeoCertified has four pricing plans:

  • Non-Profit plan — $59 per user per year which includes all HIPAA compliance features and cloud-based add-ons.
  • Business-Lite — $69 per user per year offering 8 secure messages per month, Gmail and Edge extensions, and a mobile app.
  • Standard — $99/year with HIPAA BAA, mobile app, and unlimited messages included.
  • Gold – Power User — $199 per user per year which includes everything in the previous plans with 50GB storage and secure forms.


Employ an Additional Layer of Security With Jatheon

The best way to stay compliant with HIPAA is to combine your email provider with a proper email archiving solution like Jatheon.

Jatheon has robust HIPAA-compliant archiving capabilities designed to integrate with any email provider.

Every email sent or received will get captured, indexed, and stored in an AWS-based archiving system, freeing your email server of unnecessary data while keeping all of your communications records safe through encryption.

Some things you can do with Jatheon:

  • Use advanced filters to easily find the emails you’re looking for with keyword search, fuzzy search, tag filters, and many more options.
  • Verify data authenticity in case of a HIPAA audit.
  • Easily redact sensitive and PHI information and export it into a readable format.
  • Respond to any data or ediscovery requests ahead of schedule.

And if your healthcare facility is using text/SMS messages or social media along with email communication, you can capture it all in one place.

All of these features will allow you to retain email for long periods, stay HIPAA compliant, and provide necessary information for your patients.

Solve all of your HIPAA email archiving needs with Jatheon’s cloud email archiving solution built for the health industry. Stay compliant, speed up your ediscovery, and retain all of your data in one easy-to-use solution.



Is Gmail HIPAA Compliant?

Gmail’s base version isn’t considered HIPAA compliant, however, Google offers a range of G Suite options for businesses. One of the most used in healthcare is “Google Workspace for Healthcare” including advanced encryption and data loss prevention ensuring HIPAA compliance.

Is Outlook HIPAA Compliant?

As a standard service, Outlook isn’t HIPAA compliant, but if the healthcare organization is subscribed to a specialized version called “Microsoft 365 Healthcare” they are able to use advanced features allowing their organization to stay compliant with HIPAA regulations.

How to Make Gmail HIPAA Compliant?

Signing up for a Google Workspace account and choosing the right plan for your organization will allow you to migrate your existing Gmail account and ensure HIPAA compliance. For even more protection, HIPAA requires you to utilize email archiving solutions.

Is an Email Address PHI?

If an email address can be connected to a health condition a person might have it is considered PHI as it would be considered personal data.

Is Encrypted Email HIPAA Compliant?

Encryption is only one of the mandatory requirements for your healthcare organization to be HIPAA compliant meaning it’s not the only one. Along with encryption your emails need to be secure, archived, and made searchable.

Read Next:

HIPAA Email Compliance and Archiving: What You Need to Know

HIPAA Compliance and Text Message Archiving: What You Need to Know

Data Retention Policy Explained: A Comprehensive Overview

About the Author
Steven Tobolar
Steven Tobolar is Jatheon’s Head of Tech Support and an experienced engineer specializing in large-scale migration projects, AWS, Exchange Servers, and Microsoft Azure. Outside work, he enjoys reading, movies, off-road driving, and mountain biking.

See how data archiving can simplify compliance and ediscovery for your organization

Book a short demo to see all the key features in action and get more information.

Get a Demo

Jatheon is a “Trail Blazer” in The Radicati Group’s 2024 Information Archiving MQ

Share via
Copy link
Powered by Social Snap