HIPAA Compliant Email Providers

HIPAA compliant email providers turn regular email, an insecure communication method, into something secure and HIPAA compliant for your business. For an in-depth article on HIPAA Compliant Email, be sure to you read this article first: HIPAA Compliant Email Explained where you will learn more about the potential risks and benefits of combining HIPAA and email.

This page provides a comprehensive list of HIPAA compliant email providers. Although there are many email providers, most of them don'tprovide a HIPAA compliant email solution that meets the requirements that HIPAA HQ requires for our readers, including offering excellent HIPAA email encryption at a reasonable price.

The companies listed offer HIPAA compliant email without the need to host anything on your own infrastructure. Under HIPAA Compliance, this type of email hosting makes them a business partner, which requires both parties to sign a Business Associate Agreement (BAA). All of the providers in this list meet the HIPAA requirements and are willing to sign a BAA so you can be assured of full HIPAA email compliance.

CE's (covered entities) should outsource to providers who advertise to be HIPAA compliant email hosting providers and also those that are willing to provide signature to a HIPAA required Business Associate Agreement (BAA). Even then, the responsibility falls upon a CE to engage some method of risk analysis to ensure that a chosen cloud storage provider is compliant with all of the
requirements of HIPAA.

Jacco Blankenspoor

Managing Editor HIPAA HQ

Many hosting companies offer HIPAA compliant email as an addition to their HIPAA compliant hosting packages which you can find in our full list of HIPAA compliant hosting providers. But there are also a few specialized HIPAA compliant email providers who offer just that, email.

The Full List of HIPAA Compliant Hosting Providers

  • Company info

Recommended Provider:
Google Workpace and G Suite Gmail HIPAA

Google was late with making it possible to use Gmail for HIPAA compliant email. But since 2013, they agreed to sign a BAA upon request. Since one of the most sought after questions for HIPAA email is “Is Gmail HIPAA compliant?”.

Google's HIPAA Compliant Gmail acccount not only gives you access to Gmail, but it also includes HIPAA Compliant versions of G Suite like Google Calendar, Drive, Chat, Meet, Keep, and much more. Gmail HIPAA does come with some app limitations, of which you can read more about in these guidelines.

Please note: Gmail HIPAA compliance is only possible for the paid version of Google Workspace. The free @gmail.com isn't covered by their BAA, and is therefore not allowed for transferring PHI. Once you sign up for a Google Work Space, you must review and accept the BAA that Google provides before your account is deemed HIPAA Compliant.

Get your free 14 day trial of Google Workspace with these codes that expire 06/30/2023

Google Workspace Business Starter - Promo Codes


Google Workspace Business Standard - Promo Codes


Google Workspace  G Suite starts at only $6 /mailbox per month with no minimum number of mailboxes. 

hushmail logo
  • Company info

Hushmail for HealthCare

Hushmail is a fully hosted email, web forms, and e-signature all-in-one service with enhanced security and seamless, integrated encryption. In many ways, Hushmail is just like your current email provider but provides the ability to send and receive encrypted emails, attachments, and web forms to and from anyone, even people who don’t use Hushmail. Hushmail for Healthcare includes a drag-and-drop form builder for customizable secure web forms with e-signature capabilities on select plans.

Hushmail allows you to:

  • Easily add HIPAA compliant encryption to your emails
  • Send secure emails to your patient’s existing email address
  • Receive secure emails and documents from your patients, even if they don’t have a Hushmail account
  • Build customized, secure web forms your patients can fill out from any device
  • Have your patients sign your web forms electronically
  • Sign a Business Associate Agreement (BAA), required for HIPAA compliance

Hushmail for Healthcare is available everywhere you work with fully featured webmail, an iPhone app, and support for desktop and smartphone email applications.

Pricing starts at $11.99 /mailbox per month for their all-inclusive solution, with no minimum number of mailboxes.

Special Deal: Sign-up through HIPAA HQ to get a lifetime discount of 10% per month!

  • Company info

Microsoft Office 365

Microsoft was the first of the major secure email providers to offer full HIPAA compliant email. Their product Office 365 (using Outlook for email) meets all the necessary HIPAA email requirements. For Office 365 HIPAA Microsoft will sign a Business Associate Agreement (BAA) so your email services are classified as Protected Health Information (PHI).

You can use the full suite of excellent Office 365 applications, along with Outlook for HIPAA email purposes. Microsoft Office 365 is priced very competitive priced given its features, making it an excellent choice for HIPAA compliant email.

Microsoft Exchange pricing starts at $6 /mailbox per month for basic email (without the Office apps) and there is no account minimum. Microsoft 365 Business Standard and Microsoft 365 Business Premium offer Free 1 Month Trials.

  • Company info


NeoCertified is a leader in secure communications, specializing in a seamless, easy-to-use Secure Email Solution for individuals and businesses alike. They make the process as simple and convenient as possible, allowing all users to send and receive secure messages from mobile devices, tablets, computers, and any other internet-connected device. All secure emails are sent via their Cloud-based portal which utilizes AES 256-bit encryption and is compliant with all national and state-wide regulations & requirements.

Their Secure Email Solution is also compatible with all versions of Microsoft Outlook, including Outlook 365, which will give you the ability to compose, send, and receive secure messages directly from your Microsoft Outlook application.

NeoCertified’s HIPAA Compliant Email Solution includes:

  • Unlimited send/receive secure emails.
  • Microsoft Outlook plug-in integration.
  • They will sign a BAA (Business Associate Agreement) and help with compliance needs.
  • Co-branded web portal.
  • 256-bit encryption for all messages in transit and at rest.
  • Optimized mobile access.
  • CustomerConnect for inbound secure email.
  • 24/7 Customer Support available for all users and all recipients.
  • 30 Day Money Back Guarantee.

NeoCertified currently offers 7-day free trials for their Secure Email Solution. 

Pricing starts at $30 /mailbox per month for their all-inclusive solution, with no minimum number of mailboxes.

  • Company info

Aspida Mail

Aspida Mail is a comprehensive mail system that specializes in HIPAA complaint email. With Aspida Mail you can rest assured that you are not only are sending ePHI securely, but you are also storing it securely as well. Included in all of their plans is 6 years of backup and retention on all emails that you send and receive, this is vital in case of an audit. Setup is simple, taking less than a day, with no software to install or maintain.

Aspida Mail is competitively priced starting at just $10 /mailbox per month, with prices per mailbox dropping when you add more mailboxes.

  • Company info


Paubox provides a seamless encryption experience for users and works with most email platforms, including Office 365, Google Apps, Lotus Notes, and Microsoft Exchange. Instead of extra buttons to press, passwords to remember, or encryption keys to exchange, Paubox allows you to write and send emails as normal from your desktop, tablet or mobile device and encrypts all outbound and inbound messages for you in the background.

The full Paubox HIPAA Encrypted Email solution includes:

  • 100% HIPAA compliant with BAA included on all paid accounts.
  • Seamless encryption to prevent accidentally sending PHI over email.
  • Opportunistic In-bound encryption, phishing protection, virus scanning, and spam filtering.
  • Free 1 GB 256-bit AES encrypted file sharing account.
  • Free trial available.

Pricing starts at $30 /mailbox per month for their all-inclusive solution, with no minimum number of mailboxes.

  • Company info


MailHippo is a HIPAA Compliant email provider that lets you use your current email address to send and receive secure messages. Using a secure portal, users simply send and receive message in the encrypted portal and the recipient gets a notification that a new message is waiting for them.

MailHippo offers managed services on their private servers and include 24/7 support and a signed BAA. There are no account minimums and they even offer a free trial. Pricing starts at only $4.95 per month.

  • Company info


Whether you need to send a few emails or millions, LuxSci is customizable for organizations of every size and scope. They will sign a BAA & also offer a  30-day free trial to test their HIPAA compliant email and their other services such as SecureForm. If you’re responsible for HIPAA Compliance, LuxSci is the responsible choice.

LuxSci’s solutions uniquely enable you to dial in the level of security and features needed to match your particular business requirements. Package pricing is based on the exact details of your custom package. Packages start at $50/month.

  • Company info

MD Office Mail Pricing

MD Office Mail offers a premium HIPAA compliant email solution, with pricing based on number of accounts:

  • Small practice HIPAA compliant email: $2.10 per month, per mailbox, for 1-4 accounts.
  • Medium practice HIPAA compliant email: $1.60 per month, per mailbox, for 5-25 accounts.
  • Large practice HIPAA compliant email: $1,25 per month, per mailbox, for 26-100 accounts.

Email archival can be added for $0.90 per mailbox, per month. Prices get lower when paying annually.

  • Company info


Entrust is another provider focusing only on HIPAA and email combined with related services like file sending. They offer a very convenient process to make your email HIPAA secure. There’s even an option to further increase the security of your messages by using email encryption with passwords.

Entrust has a low-end pricing, but it still includes the ability to send secure files up to 2GB in size. Email Pros will sign a Business Associate Agreement (BAA) and help you reach full HIPAA email compliance.

Pricing starts at $3 /mailbox per month for basic email, but all plans have a 5-user account minimum.

  • Company info

MaxMD Direct mdEmail

MaxMD is a company providing a range of secure healthcare communication solutions with HIPAA and email being the main component. Called Direct mdEmail, it can be integrated in various ways into your existing email configuration. If you would like further integration into specific application you can use their so called Encryption as a Service (EaaS).

Direct mdEmail by MaxMD is a custom solution so there’s no upfront pricing information available. Depending on your current or future needs MaxMD will work out a custom quote for you. Upon installation of their services they will provide a BAA.