Does TLS encryption enable HIPAA compliance?

The TLS website does not indicate that TLS enables HIPAA compliance. If covered entities use TLS encryption, additional security measures are required for protected health information (PHI).

Transport Layer Security (TLS encryption) offers security when sending emails, but it doesn’t guarantee secure delivery to the recipient. Even though cryptography codes the messages in transit, security isn’t assured for information at rest.

In addition, certain email providers don’t support the delivery of encrypted messages. So the service removes the encryption to deliver the email, resulting in a message that contains plain text without encryption. Also, if the recipient responds, the reply transmits without encryption.

Covered entities must make sure they’re using tools that ensure encryption on delivery. To meet HIPAA requirements, both mail servers must use TLS encryption.

TLS encryption can be one tool to support HIPAA compliance. But such encryption alone isn’t sufficient for HIPAA requirements because the information can be exposed if the encryption fails.

Product details



Product description

Transport Layer Security, or TLS encryption, is a common cryptographic protocol to safeguard communication between a client and a server. Encryption applications are available for email, voice over IP (VoIP), and messaging.

This web page was updated on September 28, 2022.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.

If you see any incorrect, incomplete or inaccurate information, please request correction by filling the form below.

Request Correction

Get professional solutions with Jotform Enterprise

Discover how Jotform Enterprise can benefit your organization. Automate, collaborate, and scale with ease.