13 best HIPAA-compliant email providers for small practices

According to the Radicati Group’s estimation, 281 million emails are sent each day. The same March 2018 report estimated that there will be 3.8 billion email accounts by the end of the year.

Why does this matter to medical practices? Email helps practices stay in contact with their patients, take care of administrative processes, and automate communication. You can’t afford not to use email as part of a modern healthcare practice.

But how does HIPAA (the Health Insurance Portability and Accountability Act) affect the way your medical practice uses email?


HIPAA allows electronic communication such as email, but there are regulations to keep in mind. If you’re not careful about how you use email, you can get into a lot of trouble. You need to protect your patients’ privacy and make sure their PHI (Protected Health Information) remains safe and secure.

This can be difficult for medical professionals as their expertise, naturally, isn’t in email security.

Let’s look at thirteen popular HIPAA-compliant email providers, what they do well, and where they fall short so that you can make an informed choice.

1. Virtru

Virtru is an end-to-end encryption platform add-on for popular email services like Gmail and Microsoft email. Their software enables you to encrypt data for HIPAA compliance and control who has access to the content you send. This means users don’t have to switch email providers or the way they work to be HIPAA compliant.


Notable features include

  • Integration with software you’re already using, like G Suite and Microsoft email
  • Easy-to-use one-click technology
  • The ability to audit and control access to content

2. Paubox

Like Virtru, Paubox seamlessly encrypts emails without requiring you to learn another software platform. Instead of a plugin that sits on top of your email, Paubox integrates directly with popular business email platforms like G Suite and Office 365, allowing users to send and reply to emails in a way that’s fully encrypted and HIPAA compliant. With Paubox you don’t need any extra logins, portals, buttons, or new apps.


Notable features include

  • The ability to keep using your existing email account
  • Cross-device functionality, including on mobile devices
  • Free business associate agreements for all paid users

3. NeoCertified

NeoCertified has been delivering commercial-grade security and encryption since 2002. It provides HIPAA-compliant solutions through its secure portal or Outlook integration. While the other options act as an add-on or plugin, NeoCertified is truly a standalone product. This may be beneficial for practices that aren’t already using a major email service and prefer to stick with a specialized platform.


Notable features include

  • Easy access through a secure portal that is compatible with mobile devices
  • Integration with Outlook that gets you up and running quickly
  • 24-7 customer support, a hefty FAQ section, and support videos

4. HIPAA Vault

Like NeoCertified, HIPAA Vault is a standalone email solution that’s HIPAA compliant. In addition to providing encrypted email services, HIPAA Vault also provides HIPAA-compliant hosting.

Notable features include

  • A standalone solution that requires you to use their email client
  • Affordable plans starting at $12/month
  • HIPAA-compliant hosting

5. Aspida Mail

Aspida Mail provides HIPAA-compliant email by directing users to a secure portal where patients can log in and confirm their identity. Aspida prides itself on being highly compatible with the services you’re already using and making the transition process smooth and easy.


Notable features include

  • Simple email migration service
  • The option to use their domain or your own
  • Compatibility with existing services

6. Protected Trust

Protected Trust allows you to send HIPAA-compliant email through Outlook and other select Windows applications. Protected Trust can be accessed from any device through its web portal. It also has printer drivers and a mobile app for additional accessibility.


Notable features include

  • A mobile app with fingerprint security
  • A 15-day free trial that includes all the features from the business version
  • Multiple delivery methods for more flexibility

7. MailHippo

MailHippo enables medical institutions to send HIPAA-compliant emails to patients and other authorized people. MailHippo guarantees the safety of ePHI and issues a business associate agreement during registration. It also offers a seamless user experience between mobile and desktop, as the platform is fully responsive.


Notable features include

  • Minimal configuration and easy setup
  • A 30-day free trial with limited features to help you decide whether this tool is right for you
  • Compatible with any email providers that are already being used
  • Plans can be canceled anytime

8. LuxSci

LuxSci is a complete HIPAA-compliant enterprise solution, although it offers plans for small businesses as well. LuxSci provides not only HIPAA-compliant email services, but also Zoom-based video conferencing and online forms. Since 1999, LuxSci has kept health information and communications secure. Many medical and dental institutions use its services.


Notable features include

  • Complete solution with video conferencing, text messaging, web hosting, and online forms
  • Plans start at $50/month; prices are negotiable and customized to your exact needs
  • Migrates existing online forms and associated data to its HIPAA-compliant system

9. ProtonMail

ProtonMail differs from other software because it was developed by scientists and engineers in Switzerland who worked at the CERN laboratory. In addition to high-level data security, ProtonMail provides a BAA — a must for HIPAA compliance.


Notable features include

  • Provides an anonymous email account
  • Servers located in Switzerland for extra safety
  • Open source code

10. Hushmail

Hushmail plans offer not only encrypted email but also secure web forms and legally binding e-signatures. Hushmail is available as an iOS application.


Notable features include

  • Separate, secure email archive
  • One free month for users who pay annually
  • No extra fees for BAA
  • Customer support via email and phone

11. Egress

Egress is an encrypted email service headquartered in the UK that also provides HIPAA-compliant email solutions for medical institutions in the US. This tool’s strong machine learning algorithms and DLP technologies minimize the risk of emails being sent to unauthorized people, both inside and outside the medical organization. End-to-end email security is a valuable bonus to the already strong security measures.


Notable features include

  • Pricing is fixed per number of users up to 25; beyond that, a quotation is required
  • Their products are classified under preventive, protective and investigative packages
  • Also California Consumer Privacy Act (CCPA) compliant
  • Free users get 25 free credits to send 25 secure emails to anyone they like

12. Identillect

Identillect’s Delivery Trust provides HIPAA-compliant email encryption services for secure communications. Specifically designed for small and medium-sized businesses, Delivery Trust gives senders complete control over their emails by restricting recipients’ ability to print, forward, and download emails. It also provides add-ons and integrations for various email services (such as Gmail and Outlook).

Notable features include

  • 24-7 customer support
  • Pricing starting at $5.95 per month
  • Compliance with regulations for various industries

13. Mimecast

Mimecast offers products and services for a variety of cybersecurity issues. Its cloud-based system provides a secure portal where messages are stored and checked for malware. Recipients can access and reply to HIPAA-encrypted emails via the portal. Mimecast also protects patient data from more sophisticated forms of cyber attacks, such as targeted threats and phishing. Inbound and outbound scanning allows you to defend your organization from both internal and external threats.

Notable features include

  • Employee training on cybersecurity
  • A wide range of integrations and API partners
  • Continuous service, even when email is down

Going digital while staying HIPAA-compliant

No organization can do without email today. Whether it’s sending forms, automatic appointment reminders, or follow-up information to patients, or consulting with other healthcare professionals, email is invaluable for your communication needs.

But medical practices have digital communication needs that go beyond email. If you’re thinking about converting to more digital solutions at your practice, you may also be interested in HIPAA-compliant forms. At JotForm we make it easy to create, manage, and send HIPAA-compliant forms. Try one today.

The information on this page does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.

This article was originally published on Jun 30, 2019, and updated on Feb 09, 2021.
Firm believer in personal data privacy in the age of information. Close follower of the new regulations concerning patient confidentiality & HIPAA. You can reach George through his contact form. The views stated herein are for discussion only, and are not intended to constitute medical advice or any other advice, procedures, or guidelines for diagnosing or treating any medical condition or for any aspect of the practice of medicine.
