Best email providers to enable HIPAA compliance for small practices

According to the Radicati Group’s estimate, 281 million emails are sent each day. The same March 2018 report estimated that there would be 3.8 billion email accounts by the end of the year.

Why does this matter to medical practices? Email helps practices stay in contact with their patients, take care of administrative processes, and automate communication. You can’t afford not to use email as part of a modern healthcare practice.

But how does HIPAA (the Health Insurance Portability and Accountability Act) affect the way your medical practice uses email?

Pro Tip

Populate your HIPAA-friendly email list with a HIPAA-friendly form. Create a new form today.

HIPAA allows electronic communication such as email, but there are regulations to keep in mind. If you’re not careful about how you use email, you can get into a lot of trouble. You need to protect your patients’ privacy and make sure their PHI (Protected Health Information) remains safe and secure.

This can be difficult for medical professionals as their expertise, naturally, isn’t in email security.

Healthcare providers can’t simply discard email since it’s an incredibly useful and necessary business tool. To prepare your team to use email effectively, let’s go over what a HIPAA-friendly email looks like and how to send one.

What is HIPAA-friendly email?

While the rules for email vary depending on how you use it in your organization, following HIPAA guidelines will help you maintain compliance. For your email to have the features that support HIPAA compliance, you must

  • Send email in a way that provides end-to-end encryption
  • Enter into a business associate agreement with your provider
  • Configure your email platform correctly
  • Get consent from patients before communicating via email
  • Retain emails permanently

These steps will help you deliver email securely and in accordance with HIPAA. Additionally, you can prevent your team from inadvertently breaking HIPAA laws by setting up policies that guarantee adherence to privacy rules and training them on best practices for email usage.

Understanding how HIPAA-friendly email works is the first step to sending emails that respect patient privacy. Next, we’ll discuss how to send those emails.

How to send HIPAA-friendly email

Sending HIPAA-friendly email isn’t as simple as logging into any platform and shooting off a quick message. HHS states that the security rule requires covered entities to “ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit.”

This includes implementing technical policies and procedures that allow only authorized persons to access electronic protected health information. So any email containing PHI that leaves your office must be encrypted — even if it’s going to another doctor.

Once you’ve ensured that your email meets the requirements mentioned in the previous section, there are a few ways to send it. The most secure method is to use an encrypted email service or secure message portal. This ensures security on both ends, including the client device.

It’s possible to meet HIPAA requirements using an email service like Outlook (Enterprise version only) or Gmail (only for G Suite customers), since both services provide encrypted email and will enter into a BAA. But be aware that these platforms require additional configuration.

Another low-cost option is ProtonMail, which offers a BAA to those on Proton for Business plans. Users will need a data retention plan because ProtonMail deletes all data at the end of a contract, and HIPAA rules require providers to give patients access to their data.

Another option is to use a service like Virtru to secure the applications you already use. For example, Virtru can add end-to-end encryption to Google and Microsoft products. Just keep in mind that you’ll need a BAA for both services to stay HIPAA-friendly.

Now that we’ve discussed what HIPAA-friendly emails look like, let’s make your life easier by considering 14 popular HIPAA-friendly email providers. We’ll break down what they do well and where they fall short so that you can make an informed choice.

1. Virtru

Overall Capterra user rating: 4.6 out of 5

Overall G2 user rating: 4.4 out of 5

Virtru is an end-to-end encryption add-on for popular email services like Gmail and Microsoft email. Its software lets you encrypt data in a way that supports HIPAA compliance and control who has access to the content you send. This means users don’t have to switch email providers or change the way they work to be HIPAA-friendly.

Notable features include

  • Integration with software you’re already using, like G Suite and Microsoft email
  • Easy-to-use one-click technology
  • The ability to audit and control access to content

Pricing: There are three plan options: Starter ($119/month, billed annually), Business ($219/month, billed annually), and Enterprise (custom pricing).

User review:

“This software is super user friendly providing clients with an awesome experience and easy accessibility to secure, important information.” (Source: Capterra)

2. Paubox

Overall Capterra user rating: 5 out of 5

Overall G2 user rating: 4.9 out of 5

Like Virtru, Paubox seamlessly encrypts emails without requiring you to learn another software platform. Instead of a plugin that sits on top of your email, Paubox integrates directly with popular business email platforms like G Suite and Office 365, allowing users to send and reply to emails in a way that’s fully encrypted and HIPAA-friendly. With Paubox you don’t need any extra logins, portals, buttons, or new apps.

Notable features include

  • The ability to keep using your existing email account
  • Cross-device functionality, including on mobile devices
  • Free business associate agreements for all paid users

Pricing: Paubox offers three different pricing tiers, ranging from $29 to $69 per month with annual billing.

User review:

“Paubox is a great email solution that integrates seamlessly with Gmail. I had one interaction with their tech support and they went above and beyond to help me out and resolve my issue.” (Source: Capterra)

3. NeoCertified

Overall Capterra user rating: 4.9 out of 5

Overall G2 user rating: 4.8 out of 5

NeoCertified has been delivering commercial-grade security and encryption since 2002. It provides HIPAA-friendly solutions through its secure portal or Outlook integration. While the other options act as an add-on or plugin, NeoCertified is truly a standalone product. This may be beneficial for practices that aren’t already using a major email service and prefer to stick with a specialized platform.

Notable features include

  • Easy access through a secure portal that is compatible with mobile devices
  • Integration with Outlook that gets you up and running quickly
  • 24-7 customer support, a hefty FAQ section, and support videos

Pricing: NeoCertified offers three plans: Standard ($99/user/year), Gold ($59/user/year), and Non-profit ($59/user/year; contact sales).

User review:

“NeoCertified is an easy to use, affordable product for a small business like mine. It allows me to send secure emails to our clients and vendors to protect confidential information.” (Source: Capterra)

4. HIPAA Vault

Overall Capterra user rating: N/A

Overall G2 user rating: N/A

Like NeoCertified, HIPAA Vault is a standalone email solution that may offer features that help with HIPAA compliance. In addition to providing encrypted email services, HIPAA Vault also provides HIPAA-friendly hosting.

Notable features include

  • A standalone solution that requires you to use their email client
  • HIPAA-friendly hosting

Pricing: HIPAA Vault pricing plans depend on your organization’s specific needs, size, and scale. Contact HIPAA Vault to request a quote.

User review:

Not available.

5. Aspida Mail

Overall Capterra user rating: N/A

Overall G2 user rating: N/A

Aspida Mail provides HIPAA-friendly email by directing users to a secure portal where patients can log in and confirm their identity. Aspida prides itself on being highly compatible with the services you’re already using and making the transition process smooth and easy.

Notable features include

  • Simple email migration service
  • The option to use their domain or your own
  • Compatibility with existing services

Pricing: Contact Aspida directly for pricing details.

User review:

Not available.

6. Protected Trust

Overall Capterra user rating: N/A

Overall G2 user rating: 5 out of 5

Protected Trust allows you to send HIPAA-friendly email through Outlook and other select Windows applications. Protected Trust can be accessed from any device through its web portal. It also has printer drivers and a mobile app for additional accessibility.

Notable features include

  • A mobile app with fingerprint security
  • A 15-day free trial that includes all the features from the business version
  • Multiple delivery methods for more flexibility

Pricing: Protected Trust offers two different pricing tiers, ranging from free to $15 per month.

User review:

“The part I like best about Protected Trust is the ability to set the authentication for each recipient individually using a password or other means. I like being able to control how people end up accessing my emails.”

Nick R.

7. MailHippo

Overall Capterra user rating: N/A

Overall G2 user rating: N/A

MailHippo enables medical institutions to send HIPAA-friendly emails to patients and other authorized people. MailHippo guarantees the safety of ePHI and issues a business associate agreement during registration. It also offers a seamless user experience between mobile and desktop, as the platform is fully responsive.

Notable features include

  • Minimal configuration and easy setup
  • A 30-day free trial with limited features that helps you decide whether this tool is right for you
  • Compatible with any email providers that are already being used
  • Plans can be canceled anytime

Pricing: MailHippo offers three plans: Free, Basic ($4.95/user/month), and Pro ($7.95/user/month).

User review:

Not available.

8. LuxSci

Overall Capterra user rating: N/A

Overall G2 user rating: 4.8 out of 5

LuxSci is a complete HIPAA-friendly enterprise solution, although it offers plans for small businesses as well. LuxSci provides not only HIPAA-friendly email services, but also Zoom-based video conferencing and online forms. Since 1999, LuxSci has kept health information and communications secure. Many medical and dental institutions use its services.

Notable features include

  • Complete solution with video conferencing, text messaging, web hosting, and online forms
  • Migrates existing online forms and associated data to its HIPAA-friendly system

Pricing: Contact a sales representative for pricing information.

User review:

“They do provide secure email handling with the ability to set custom filters and rules for emails. Also, they support my websites including some in the financial sector that have private (hidden) domain registrations.”

John K.

9. ProtonMail

Overall Capterra user rating: 4.6 out of 5

Overall G2 user rating: 4.4 out of 5

ProtonMail differs from other software because it was developed by scientists and engineers in Switzerland who worked at the CERN laboratory. In addition to high-level data security, ProtonMail provides a BAA — a must for HIPAA compliance.

Notable features include

  • Provides an anonymous email account
  • Servers located in Switzerland for extra safety
  • Open source code

Pricing: ProtonMail offers a free plan. Paid plans start at $3.99 per month.

User review:

“ProtonMail is super easy to use, and it provides a high level of security for your data. ProtonMail also has a built-in VPN, which means you can be sure your data is always safe and secure.” (Source: Capterra)

10. Hushmail

Overall Capterra user rating: 4.6 out of 5

Overall G2 user rating: 3.7 out of 5

Hushmail plans offer not only encrypted email but also secure web forms and legally binding e-signatures. Hushmail is available as an iOS application.

Notable features include

  • Separate, secure email archive
  • No extra fees for BAA
  • Customer support via email and phone

Pricing: The pricing plans start at $11.99 per month.

User review:

“I like that with Hushmail I can create alias emails for different uses. I like that sending attachments is easy.” (Source: Capterra)

11. Egress

Overall Capterra user rating: 4.1 out of 5

Overall G2 user rating: 4.5 out of 5

Egress is an encrypted email service headquartered in the UK, but it also provides HIPAA-friendly email solutions for medical institutions in the US. Its machine learning algorithms and DLP technologies minimize the risk of emails being sent to unauthorized people, both inside and outside the medical organization. End-to-end email security is a valuable bonus on top of these measures.

Notable features include

  • Products grouped into preventive, protective, and investigative packages
  • Also California Consumer Privacy Act (CCPA) compliant
  • Free users get 25 free credits to send 25 secure emails to anyone they like

Pricing: Pricing is fixed per number of users for up to 25 users; beyond that, a quote is required.

User review:

“The customisation options are key, and it has been good to work with the team on some specific developments that enable integration with our systems.” (Source: Capterra)

12. Identillect

Overall Capterra user rating: 4.9 out of 5

Overall G2 user rating: N/A

Identillect’s Delivery Trust provides HIPAA-friendly email encryption services for secure communications. Specifically designed for small and medium-sized businesses, Delivery Trust gives senders complete control over their emails by restricting recipients’ ability to print, forward, and download emails. It also provides add-ons and integrations for various email services (such as Gmail and Outlook).

Notable features include

  • 24-7 customer support
  • Compliance with regulations for various industries

Pricing: You must contact the company for pricing information.

User review:

“The ease of the software is what I liked the most. It is straightforward, great for a company to use, even for those who may not be tech savvy.” (Source: Capterra)

13. Mimecast

Overall Capterra user rating: 4 out of 5

Overall G2 user rating: 4.4 out of 5

Mimecast offers products and services for a variety of cybersecurity issues. Its cloud-based system provides a secure portal where messages are stored and checked for malware. Recipients can access and reply to encrypted, HIPAA-friendly emails via the portal. Mimecast also protects patient data from more sophisticated forms of cyber attack, such as targeted threats and phishing. Inbound and outbound scanning allows you to defend your organization from both internal and external threats.

Notable features include

  • Employee training on cybersecurity
  • A wide range of integrations and API partners
  • Continuous service, even when email is down

Pricing: Contact Mimecast to set up a demo and request pricing information.

User review:

“The rollout in the company and the integration into the system were both relatively fast.”

Cihan K.

14. EnGuard

Overall Capterra user rating: N/A

Overall G2 user rating: N/A

EnGuard is an American company, as American as HIPAA itself. The customer support team is entirely based in the U.S., and the servers are located in California. EnGuard uses its own webmail service for its email interface, which is feature-rich and easy to use.

Notable features include

  • HIPAA-friendly email account registered on your own domain
  • Chat and videoconferencing enabled within webmail
  • Responsive to all types of devices

Pricing: EnGuard plans start at $15 per month and require a minimum of five users. With the Standard plan, each additional user costs $3 per month.

User review:

Not available.

Going digital while staying HIPAA-friendly

No organization can do without email today. Whether it’s sending forms, automatic appointment reminders, or follow-up information to patients, or consulting with other healthcare professionals, email is invaluable for your communication needs.

But medical practices have digital communication needs that go beyond email. If you’re thinking about converting to more digital solutions at your practice, you may also be interested in HIPAA-friendly forms. At Jotform we make it easy to create, manage, and send HIPAA-friendly forms. Try one today.

The information on this page does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.
