February 03, 2022 by Jatheon

Best HIPAA-Compliant Email Service Providers for This Year

In the healthcare industry, compliance with the Health Insurance Portability and Accountability Act (HIPAA) is not optional, and its Privacy and Security Rules follow protected health information (PHI) into every channel it passes through, including email.

That’s why it’s critical that you invest in a HIPAA-compliant email solution to safeguard both your company and your patients’ privacy.

In this article, we’ll look at some of the most popular HIPAA-compliant email providers on the market right now.

What to Look for in a HIPAA Compliant Email Service?

Encryption is the most critical feature to look for in a HIPAA-compliant email service, and it pays to be precise about what a vendor means by the word. Encryption in transit (TLS between mail servers and clients) and encryption at rest (encrypted storage on the provider’s servers) protect against eavesdroppers and stolen disks, but the provider still holds the keys and can read the messages. End-to-end encryption (E2EE) means the message is encrypted to a key that only the recipient holds, so neither the provider nor anyone who compromises it can read the content. Many of the services below offer true E2EE only in some cases (between two accounts on the same service, or when the recipient picks the message up from a password-protected portal) and fall back to TLS for everyone else, so ask which case applies to the correspondents you actually exchange PHI with.

HIPAA itself does not mandate a particular algorithm. Under the Security Rule, encryption is an “addressable” implementation specification: you must implement it or document why an equivalent alternative is reasonable. The practical lever is the Breach Notification Rule: PHI that is encrypted in line with HHS guidance (which points to NIST SP 800-111 for data at rest and NIST SP 800-52 for TLS) is not “unsecured PHI”, so its loss does not trigger breach notification. In practice that means AES with 128-, 192- or 256-bit keys (the FIPS 197 key sizes) for stored data, TLS 1.2 or later for transport, and OpenPGP or S/MIME where you need end-to-end encryption of the message itself; NIST SP 800-45 (Guidelines on Electronic Mail Security) covers the latter two.
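To make the distinction between transport encryption and E2EE concrete, here is an added example in Go (not code from the original article or from any vendor listed on it) of the hybrid construction that E2EE mail systems such as OpenPGP are built on: a fresh AES-256-GCM key per message, wrapped with RSA-OAEP to the recipient’s public key. Whoever relays or stores the resulting envelope holds only ciphertext and a key they cannot unwrap. The patient record text is a constructed, fictional sample, and the type and function names are this example’s own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// Envelope is everything a relay or mailbox provider stores for an
// end-to-end encrypted message; nothing in it lets the provider read the body.
type Envelope struct {
	WrappedKey []byte // per-message AES-256 key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // 96-bit AES-GCM nonce, unique per message
	Ciphertext []byte // AES-256-GCM output with the authentication tag appended
}

// Seal encrypts plaintext to the recipient's public key: a random AES-256 key
// protects the body and only that key, never the body, is wrapped with RSA.
func Seal(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open recovers the body with the recipient's private key. A wrong key fails
// at the unwrap step; any modified ciphertext or nonce fails GCM authentication.
func Open(recipient *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap message key: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Tamper returns a copy of env with one ciphertext byte flipped, modelling a
// provider or attacker altering the stored message.
func Tamper(env *Envelope) *Envelope {
	c := append([]byte(nil), env.Ciphertext...)
	c[0] ^= 0x01
	return &Envelope{WrappedKey: env.WrappedKey, Nonce: env.Nonce, Ciphertext: c}
}

// Leaks reports whether a known plaintext fragment is visible in what the
// provider holds; for a correct E2EE envelope this is false.
func Leaks(env *Envelope, fragment []byte) bool {
	return bytes.Contains(env.Ciphertext, fragment) || bytes.Contains(env.WrappedKey, fragment)
}

func main() {
	phi := []byte("Patient: Jane Doe, MRN 000123, Dx: E11.9") // constructed, fictional PHI
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}
	env, err := Seal(&recipient.PublicKey, phi)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("provider sees MRN in stored envelope:", Leaks(env, []byte("MRN 000123")))
	body, err := Open(recipient, env)
	fmt.Printf("recipient decrypts: %q (err=%v)\n", body, err)
	_, err = Open(recipient, Tamper(env))
	fmt.Println("tampered envelope rejected:", err != nil)
}
```

In an E2EE mail service the Envelope is what travels through and sits on the provider’s servers while the private key stays on the user’s device. A service that performs the Open step on its own servers, however strong its AES-256, is offering encryption at rest, not E2EE, and that is the question to put to each vendor below.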

Finally, a HIPAA-compliant email service provider must be willing to sign a Business Associate Agreement (BAA); without one, no amount of encryption makes the arrangement compliant. The BAA is a contract that:

  • Specifies each party’s duties in relation to PHI.
  • Describes the permitted and required uses and disclosures of PHI by the business associate.
  • Commits the business associate not to use or disclose PHI beyond what the BAA allows.
  • Requires the business associate to apply appropriate safeguards to PHI.

A Quick Overview of HIPAA Compliant Email Services

(Columns: Name, Features, Pricing, Free Trial)
ProtonMail
  • Combination of AES, OpenPGP, and RSA cryptography
  • TLS connection
  • Doesn’t track or log personally identifiable information
  • Open-source client applications
  • Email expiration
  • Swiss servers, including a data center in a former military bunker
Pricing: €5 – €30 per month; free tier for personal use
Free trial: Yes
Egress Protect
  • AES-256 bit encryption
  • Multiple government and industry certifications
  • Audit logs and message restrictions
  • Full revocation capabilities
  • Single sign-on (SSO)
  • Custom email security policies
  • AI-enabled smart authentication
  • Investigate 365 analytics tool
  • Outlook and O365 integration
  • Enhanced mobility
Pricing: £80 – £90 per user, per year
Free trial: Yes
Identillect
  • AES 256-bit encryption
  • RSA 2048-bit key exchange
  • TLS connection
  • Ethereum blockchain integrity ledger
  • Full revocation capabilities
  • Gmail, Outlook, and O365 add-ins
  • Web-only version
Pricing: $5.95 – $7.95 per user, per month
Free trial: Yes
Hushmail
  • OpenPGP encryption
  • SSL/TLS connection
  • Two-factor authentication
  • Unlimited email aliases
  • Custom domain names
  • Email archiving
  • Mobile-friendly
Pricing: $9.99 – $39.99 per month
Free trial: No
MailHippo
  • AES 256-bit encryption
  • Uses HIPAA, VISA, PCI DSS, SOC 2, and SSAE 16 compliant data centers
  • Two-factor authentication
  • Access logs
  • Mobile-friendly
  • Proprietary SendSafe address
Pricing: $4.95 – $7.95 per user, per month
Free trial: Yes
LuxSci
  • SMTP TLS encryption
  • Escrow encryption
  • PGP and S/MIME encryption
  • HITRUST CSF certified
  • Login audit trails
  • Access controls
  • Spam protection
  • Email filtering
  • Tamper-proof archiving
Pricing: From $60 per month
Free trial: Yes
Paubox
  • AES 256-bit encryption
  • Opportunistic inbound encryption
  • Blanket TLS email encryption
  • Two-factor authentication
  • Virus scanning
  • Phishing protection
  • Spam filtering
  • Email reports
  • Real-time analytics
  • HITRUST CSF certified
Pricing: $29 – $79 per user, per month
Free trial: Yes
NeoCertified
  • AES 256-bit encryption
  • Unlimited send/receive
  • Mobile-friendly
  • Microsoft Outlook plugin integration
  • Co-branded web portal
  • 24/7 customer support
Pricing: $59 – $199 per user, per year
Free trial: Yes

Best HIPAA Compliant Email Providers: Detailed Overview

ProtonMail

ProtonMail encrypts mailboxes at rest and provides E2EE using a mix of AES, RSA and OpenPGP, with TLS protecting the connection to its Swiss servers. Note the scope: messages are end-to-end encrypted between ProtonMail accounts, when you send a password-protected message to an outside address, or when you have imported the outside recipient’s PGP key; an ordinary email to any other outside recipient leaves the service protected only by TLS, like any other mail. ProtonMail also lets you set an expiration time on encrypted messages so that they are automatically deleted from the recipient’s inbox when it is reached.

ProtonMail has an interface that is comparable to Gmail’s and is simple to set up and use.

ProtonMail’s client applications are open source, and the most basic tier of the service is free for personal use. Healthcare organizations, however, should consider one of its paid plans and confirm that a BAA is available for the plan they choose:

  • Plus plan – 5 EUR per month, which gives access for one user, five addresses, 1,000 messages per day, one custom domain, and 5 GB storage.
  • Professional Plan – 8 EUR per user, per month – up to 5,000 users, five addresses per user, unlimited messages per day, two custom domains, and 5 GB storage per person
  • Visionary plan – 30 EUR per month – up to six people, 50 addresses, unlimited messages per day, ten custom domains, 50 GB storage, and ProtonVPN.

Egress Protect

Egress Protect is a HIPAA-compliant secure email service that combines E2EE with machine-learning-driven controls and holds a range of government and industry security certifications.

It employs AES-256 bit encryption to safeguard data at rest and in transit. Users have complete revocation capabilities and the ability to govern how receivers utilize shared data and revoke or adjust access rights in real-time.

Egress Protect has received a number of government and industry security certifications and is also GDPR-compliant.

Egress Protect pricing is determined on the total number of users and licenses:

  • 2-4 users – £90 per user on a yearly basis
  • 5-9 users – £85 per user on an annual basis
  • 10-25 users – £80 per user on an annual basis

Identillect

Identillect Delivery Trust is a HIPAA-compliant email service designed with small and medium-sized businesses in mind.

Delivery Trust encrypts emails in transit and at rest with AES 256-bit encryption and protects the connection with TLS using 2048-bit RSA keys. Senders keep control of their emails after sending: they can limit recipients’ ability to print, forward, or download material, and they can revoke access at any moment.

Delivery Trust also uses the Ethereum blockchain to provide evidence of email integrity. Two caveats apply. Ethereum is a public, decentralized ledger, not a private one, so any integrity record published to it should be a hash rather than message content. And a ledger entry only lets you detect after the fact that a message was altered; it does not prevent a man-in-the-middle attack, which is the job of TLS and end-to-end encryption.

Prices for Identillect Delivery Trust vary depending on the plan:

  • Delivery Trust Individual – starts at $5.95 per month
  • Delivery Trust Business – starts at $7.95 per month

Hushmail

Hushmail for Healthcare enables covered entities to send and receive messages containing PHI using OpenPGP for E2EE.

Hushmail for Healthcare adds two-factor authentication (2FA) for account login and protects all connections with Transport Layer Security (TLS), the successor to SSL.

Prospective Hushmail for Healthcare users have three payment options:

  • For $9.99 per month – a single email account, two secure web forms, as well as 10 GB of storage.
  • For $19.99 per month – five email accounts, five secure web forms, 15 GB of storage for each account, and electronic signatures.
  • For $39.99 per month – ten email accounts, ten secure web forms, 15 GB of storage for each account, as well as electronic signatures.

MailHippo

MailHippo has built a reputation for making it simple and inexpensive to send secure, HIPAA-compliant emails. It requires little setup because it works alongside your existing email provider, so you can simply sign up and start sending.

MailHippo encrypts messages with AES 256-bit encryption and supports 2FA for account access (2FA protects the login, not the message; only the encryption does that). Its servers are hosted in data centers that hold HIPAA, PCI DSS, VISA, SSAE 16, and SOC 2 attestations. Bear in mind that there is no official HIPAA certification body, so “HIPAA compliant” is a vendor’s self-assertion, and that data-center attestations cover the physical and operational security of the facility, not the email application that handles your PHI; the assurance that matters contractually is still the BAA.

There are two available plans:

  • The Basic plan – from $4.95 per user, per month – includes message recall and branding, and allows for up to 5,000 messages per month and 5 GB storage.
  • The Pro plan – $7.95 per user, per month – allows for up to 10,000 messages per month and 10 GB storage, as well as message recall, branding, and message expiration.

Luxsci

LuxSci’s SecureLine encryption service combines forced Simple Mail Transfer Protocol (SMTP) TLS, Escrow (the recipient retrieves the message from a secure web portal), and PGP or S/MIME certificates, selecting the strongest method available for each recipient. Only PGP and S/MIME are end-to-end; forced TLS protects the hop between mail servers and refuses to send at all if TLS cannot be negotiated, which is what sets it apart from the opportunistic TLS most mail servers use by default.

LuxSci provides access restrictions, login audit trails, real-time inbound email filtering, spam flood protection, and tamper-proof archiving in addition to encryption.

If you’re interested in LuxSci’s HIPAA-compliant email service, there are four price options available:

  • Secure Connector – starting at $70 for 10 users per month
  • Secure High Volume Sending – starting at $195 per month
  • Secure Marketing – starting at $500 per month
  • Secure Email Hosting – starting at $60 for 10 users per month

Paubox

Paubox Email Suite is simple to use and takes little setup because it integrates seamlessly with your existing email client. Simply sign in, and Email Suite will begin encrypting communications.

Paubox Email Suite uses AES 256-bit encryption, sends every outbound message over TLS (“blanket TLS”, so the sender never has to decide which messages to encrypt), accepts TLS on inbound mail whenever the sending server offers it (“opportunistic inbound encryption”), and supports two-factor authentication. Email Suite also includes extra security features, including phishing prevention, spam filtering, and malware scanning.
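The difference between opportunistic TLS and the forced or blanket TLS described for LuxSci above and Paubox here is exactly what the MTA-STS standard (RFC 8461) lets a receiving domain publish. The following Go example is added here and is not code from the article or from either vendor: it parses an MTA-STS policy and applies it to one delivery attempt. With no policy, or mode “none”, the sender delivers whether or not TLS was negotiated (opportunistic); with mode “enforce” it refuses unless the MX host matches the policy and a validated TLS session exists. The policy text and hostnames are constructed, and the DNS TXT lookup and HTTPS fetch that discover the policy are assumed to have already happened.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy is a parsed MTA-STS policy (RFC 8461): mode "enforce" is forced TLS,
// "testing" only reports failures and "none" leaves the sender opportunistic.
type Policy struct {
	Version string
	Mode    string
	MX      []string // lower-cased patterns; a leading "*." matches exactly one label
}

// SamplePolicy is a constructed policy as a domain would serve it at
// https://mta-sts.<domain>/.well-known/mta-sts.txt (CRLF line endings).
const SamplePolicy = "version: STSv1\r\nmode: enforce\r\n" +
	"mx: mx1.mail.example.com\r\nmx: *.backup.example.com\r\nmax_age: 604800\r\n"

// ParsePolicy parses "key: value" lines; unknown keys such as max_age are
// ignored here, but a bad version or mode rejects the whole policy.
func ParsePolicy(text string) (*Policy, error) {
	p := &Policy{}
	for _, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" {
			continue
		}
		kv := strings.SplitN(line, ":", 2)
		if len(kv) != 2 {
			return nil, fmt.Errorf("malformed line %q", line)
		}
		k, v := strings.TrimSpace(kv[0]), strings.TrimSpace(kv[1])
		switch k {
		case "version":
			p.Version = v
		case "mode":
			p.Mode = v
		case "mx":
			p.MX = append(p.MX, strings.ToLower(v))
		}
	}
	if p.Version != "STSv1" {
		return nil, fmt.Errorf("unsupported version %q", p.Version)
	}
	if p.Mode != "enforce" && p.Mode != "testing" && p.Mode != "none" {
		return nil, fmt.Errorf("invalid mode %q", p.Mode)
	}
	return p, nil
}

// MXAllowed reports whether an MX hostname from DNS matches a policy pattern.
// "*.backup.example.com" matches "mx2.backup.example.com" only (one label).
func (p *Policy) MXAllowed(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, pat := range p.MX {
		if !strings.HasPrefix(pat, "*.") {
			if host == pat {
				return true
			}
			continue
		}
		label := strings.TrimSuffix(host, pat[1:]) // pat[1:] keeps the leading dot
		if label != host && label != "" && !strings.Contains(label, ".") {
			return true
		}
	}
	return false
}

// Decide applies the policy to one delivery attempt. tlsValid must be true only
// if STARTTLS succeeded, the certificate chained to a trusted root and its name
// matched mxHost; "STARTTLS advertised" alone is not enough.
func Decide(p *Policy, mxHost string, tlsValid bool) (deliver bool, reason string) {
	if p == nil || p.Mode == "none" {
		return true, "no policy: opportunistic TLS, delivered with or without encryption"
	}
	var problems []string
	if !p.MXAllowed(mxHost) {
		problems = append(problems, "MX "+mxHost+" not listed in policy")
	}
	if !tlsValid {
		problems = append(problems, "no validated TLS session")
	}
	if len(problems) == 0 {
		return true, "policy satisfied"
	}
	detail := strings.Join(problems, "; ")
	if p.Mode == "enforce" {
		return false, "refused (enforce): " + detail
	}
	return true, "delivered anyway (testing mode, failure reported via TLSRPT): " + detail
}

func main() {
	p, _ := ParsePolicy(SamplePolicy)
	fmt.Println(Decide(p, "mx1.mail.example.com", true))
	fmt.Println(Decide(p, "mx1.mail.example.com", false))
}
```

The tlsValid input is where most real deployments go wrong: opportunistic STARTTLS accepts any certificate, so an active attacker on the path can present a self-signed one or strip the STARTTLS offer altogether and the mail still flows in the clear. An enforce-mode policy turns those into hard failures, which is the property the vendors above mean by forced or blanket TLS; publishing in testing mode first and collecting TLSRPT reports (RFC 8460) is the safe way to get there.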

Paubox Email Suite is available in three price tiers:

  • Standard plan — $29 per user, per month — includes real-time email reporting and analytics, on top of the basic security features
  • Plus plan — $59 per user, per month — besides features offered in the Standard plan, it also includes inbound security, DomainAge, and ExecProtect
  • Premium plan — $79 per user, per month — on top of features offered by the Plus plan, also includes email DLP and email archiving.

NeoCertified

There are several methods to access NeoCertified’s HIPAA compliant email service:

  • NeoCertified’s Outlook plugin integration allows end-users to write, send, and receive secure communications using the Outlook program.
  • Customer Connect uses NeoCertified’s secure online gateway to allow end-users to create and send messages directly from their organization’s website.
  • For bigger healthcare companies, NeoCertified provides an encrypted API integration that allows end-users to access Customer Connect through their organization’s business application.

Whichever option you select, all messages are encrypted using AES-256, and NeoCertified states that the service meets HIPAA and HITECH requirements.

NeoCertified has four pricing plans:

  • Non-Profit – from $59 per user, per year
  • Standard – from $99 per user, per year
  • Enterprise – from $79 per user, per year (50 or more users required)
  • Gold – Power User – from $199 per user, per year

Jatheon Provides an Additional Layer of Security Through Archiving

Hopefully, this list will help in your hunt for the best HIPAA-compliant email service for your healthcare organization or business associate.

Do you want to make certain that all of your bases are covered? Jatheon adds an extra layer of security. Our email, text/SMS message, and social media archiving solutions enable healthcare businesses to easily preserve PHI and other sensitive data in secured archives while allowing integrated redaction of all PII and PHI before export and sharing with third parties for open data and ediscovery requests.

Contact us or book a free live demo to learn how Jatheon promotes HIPAA compliance.

Read Next:

HIPAA Email Compliance and Archiving: What You Need to Know

HIPAA Compliance and Text Message Archiving: What You Need to Know

Data Retention Policy 101 (with Examples)
