Recommended HIPAA Compliant Email Providers
What HIPAA compliant email providers do is turning an insecure communication method into something secure and potentially HIPAA compliant. Please be sure you have read this full in-depth article first: HIPAA Compliant Email Explained were you learn more about the potential risks and benefits of combining HIPAA and email.
On this page you will find the complete list of HIPAA compliant email providers. There are more email providers of course, but not all of them are up capable of offering a HIPAA compliant email solution that stands the test by providing excellent HIPAA email encryption.
The companies listed offer outsourced HIPAA compliant email without the need to host anything on your own infrastructure. This type of arrangement makes them a business partner for which they need to sign a Business Associate Agreement (BAA). All of the providers in this list meet the HIPAA requirements and are willing to sign a BAA so you can be assured of full HIPAA email compliance.
I also want to point out an important section from the “HIPAA Cloud Storage Explained” article as it’s also applicable for HIPAA compliant email:
Many hosting companies offer HIPAA compliant email as an addition to their HIPAA compliant hosting packages which you can find in our full list of HIPAA compliant hosting providers. But there are also a few specialized HIPAA compliant email providers who offer just that, email. I listed these below, along with a link to the relevant product information.
The Full List of HIPAA Compliant Email Providers
This list of HIPAA compliant email providers is constantly monitored and updated, to ensure you can make an informed decision. Currently listed are:
Recommended: VM Racks HIPAA Compliant Email
VM Racks is a Cloud Provider offering a full suite of HIPAA Compliant Solutions including hosting, email, sftp and more. Their email solution includes unlimited secure email sending, mobile access from tablets and phones, a secure API, Microsoft Outlook Plug-in and more. They have a trademarked solution called True HIPAA Compliance™ which they use to guarantee their packages are 100% HIPAA compliant and they sign BAA’s for all customers.
Pricing for HIPAA Compliant Email starts at only $8/mailbox and includes 24/7 support.
Hushmail for Healthcare
Special offer: Get a 10% lifetime discount
Hushmail is a fully hosted email service with enhanced security and seamless, integrated encryption. In many ways, Hushmail is just like your current email provider but provides the ability to send and receive encrypted emails and attachments to and from anyone, even people who don’t use Hushmail.
Hushmail allows you to:
- Easily add HIPAA compliant encryption to your emails
- Send secure emails to your patient’s existing email address
- Receive secure emails and documents from your patients, even if they don’t have a Hushmail account
- Sign a Business Associate Agreement (BAA), required for HIPAA compliance
Hushmail for Healthcare is available everywhere you work with fully featured webmail, an iPhone app, and support for desktop and smartphone email applications.
Established in 1994, Atlantic.Net provides a wide range of email and web hosting services and solutions to include:
- Dedicated Servers
- Cloud Hosting
- Private Cloud
- Virtualization Hosting
- Hybrid Hosting
- Colocation Hosting
>> Learn more about Storage Hosting by Atlantic.net
>> Case study: Why ShareSafe Chose Atlantic.Net for Hosting Solutions (PDF)
>> Case study: Why Complete HealthCare Solutions, Inc. chose Atlantic.Net (PDF)
>> E-Book: Important Fundamentals you need to know about HIPAA Compliance (PDF)
>> “Why Does HIPAA Compliant Hosting Cost More?“, Blog post by Adnan Raj, VP of Marketing at Atlantic
NeoCertified is a leader in secure communications, specializing in a seamless, easy-to-use Secure Email Solution for individuals and businesses alike. They make the process as simple and convenient as possible, allowing all users to send and receive secure messages from mobile devices, tablets, computers, and any other internet-connected device. All secure emails are sent via their Cloud-based portal which utilizes AES 256-bit encryption and is compliant with all national and state-wide regulations & requirements.
Their Secure Email Solution is also compatible with all versions of Microsoft Outlook, including Outlook 365, which will give you the ability to compose, send, and receive secure messages directly from your Microsoft Outlook application.
NeoCertified’s HIPAA Compliant Email Solution includes:
- Unlimited send/receive secure emails
- Microsoft Outlook plug-in integration
- They will sign a BAA (Business Associate Agreement) and help with compliance needs
- Co-branded web portal
- 256-bit encryption for all messages in transit and at rest
- Optimized mobile access
- CustomerConnect for inbound secure email
- 24/7 Customer Support available for all users and all recipients
- 30 Day Money Back Guarantee
NeoCertified currently offers 7-day Free Trials for their Secure Email Solution.
>> Read the HIPAA HQ review of the NeoCertified HIPAA Compliant Email Solution
>> Learn more about the NeoCertified HIPAA Compliant Email Solution
>> Learn more about NeoCertified’s other secure solutions
LuxSci HIPAA Email
LuxSci has recently revised its HIPAA email product which is now perfect for most businesses. They offer a full featured HIPAA compliant email solution at competitive prices. Their HIPAA related feature set is impressive. They make sure your email usage is fully HIPAA compliant and are willing to sign a BAA. The LuxSci HIPAA email solution is actively safeguarded for the latest HIPAA Security and Privacy Rules, but has enough flexibility to combine both HIPAA accounts and non-HIPAA accounts. You can also choose for additional HIPAA compliant services like web form processing. There is a 30-days free trial to test out their services.
>> Learn more about LuxSci HIPAA Email features
>> Learn more about LuxSci HIPAA Email pricing, starting at $12 per month
Microsoft Office 365 HIPAAMicrosoft was the first of the major secure email providers to offer full HIPAA compliant email. Their product Office 365 (using Outlook for email) meets all the necessary HIPAA email requirements. For Office 365 HIPAA Microsoft will sign a Business Associate Agreement (BAA) so your email services are classified as Protected Health Information (PHI).
You can use the full suite of excellent Office 365 applications, along with Outlook for HIPAA email purposes. Microsoft Office 365 is priced very competitive priced given its features, making it the recommended choice for HIPAA compliant email.
>> Learn more about Microsoft Office 365 pricing and features
>> Learn more about HIPAA email compliance with Office 365
Aspida Mail is a comprehensive mail system that specializes in HIPAA complaint email. With Aspida Mail you can rest assured that you are not only are sending ePHI securely, but you are also storing it securely as well. Included in all of their plans is 6 years of backup and retention on all emails that you send and receive, this is vital in case of an audit. Setup is simple, taking less than a day, with no software to install or maintain.
Aspida Mail is competitively priced starting at just $9/month per mailbox, which prices per mailbox dropping when you add more mailboxes.
Special offer: Try the First Three months for $3! Aspida offers a 30 day money back guarantee, month to month contracts and risk free cancellation!
Use HIPAAHQ in the “Promotional Code” box in the shopping cart.
>> Learn more about Aspida Mail pricing and features
>> Learn more about the Aspida HIPAA Compliant Email Service
>> “How to combine encrypted email with regular email“, Blog post by Laura Miller, Compliance Manager of Aspida
>> “What exactly is a Business Associate and why do we need an agreement?“, Blog post by Laura Miller, Compliance Manager of Aspida
Gmail HIPAAGoogle was very late with making it possible to use Gmail for HIPAA compliant email. But since 2013, they agreed to sign a BAA upon request. Since one of the most sought after questions for HIPAA email is “Is Gmail HIPAA compliant?” this move will certainly meet a certain demand.
In fact it’s not only Gmail that can become HIPAA compliant, so do other apps with the Google Apps suite. The full set for Google Apps HIPAA consists of: Gmail, Google Calendar, Google Drive, and Google Apps Vault services. Gmail HIPAA does come with a number of limitations, of which you can read more about in this article. Compared to Office 365, Gmail isn’t quite there yet but they’re a viable alternative if you prefer Gmail for email handling.>> Learn more about Gmail HIPAA pricing and features
>> Blog post: Is Gmail HIPAA Compliant?
Paubox Encrypted Email
Paubox provides a seamless encryption experience for users and works with most email platforms, including Office 365, Google Apps, Lotus Notes, and Microsoft Exchange. Instead of extra buttons to press, passwords to remember, or encryption keys to exchange, Paubox allows you to write and send emails as normal from your desktop, tablet or mobile device and encrypts all outbound and inbound messages for you in the background.
The full Paubox HIPAA Encrypted Email solution includes:
- 100% HIPAA compliant with BAA included on all paid accounts
- Seamless encryption to prevent accidentally sending PHI over email
- Opportunistic In-bound encryption, phishing protection, virus scanning, and spam filtering
- Free 1 GB 256-bit AES encrypted file sharing account
- Free trial available
>> Learn more about the Paubox HIPAA Compliant Email Service
>> “Why your email should be HIPAA compliant“, HIPAA HQ Blog post by Hoala Greevy, founder and CEO of Paubox
MDOfficeMail is a specialized email provider, offering only HIPAA compliant email and HIPAA compliant fax services (which works by email as well). MDOfficeMail comes with both desktop mail and webmail. They can be reach by phone or email, and even offer remote desktop support.
MDOfficeMail has the lowest pricing of all HIPAA compliant email providers in this list, but they got an impressive array of technologies to allow for HIPAA encryption. MDOfficeMail will provide a BAA and will help you in setting up their service.
Email Pros is another provider focusing only on HIPAA and email combined with related services like file sending. They offer a very convenient process to make your email HIPAA secure. There’s even an option to further increase the security of your messages by using email encryption with passwords.
Email Pros has a high-end pricing, but it includes the ability to send secure files up to 2GB in size. Email Pros will sign a Business Associate Agreement (BAA) and help you reach full HIPAA email compliance.
MaxMD is a company providing a range of secure healthcare communication solutions with HIPAA and email being the main component. Called Direct mdEmail, it can be integrated in various ways into your existing email configuration. If you would like further integration into specific application you can use their so called Encryption as a Service (EaaS).
Direct mdEmail by MaxMD is a custom solution so there’s no upfront pricing information available. Depending on your current or future needs MaxMD will work out a custom quote for your. Upon installation of their services they will provide a BAA.
HIPPA Compliant Email?
There is lots of confusion between HIPAA email and HIPPA email. As HIPAA is often misspelled as HIPPA it’s easy to mistakenly do a search for HIPPA compliant email or HIPPA email. Luckily Google is keen enough to make the distinction and point you to the right pages. Just to be sure, there’s no HIPPA compliant email or HIPPA email, only HIPAA compliant email or HIPAA email.
We are constantly adding new articles on HIPAA compliant email and related services on our blog. Our current posts on HIPAA email are:
Is Gmail HIPAA Compliant – The Definitive Answer
Why your email should be HIPAA compliant by Hoala Greevy, founder and CEO of Paubox
HIPAA Security Rule Compliance Checklist
If you would like to suggest a HIPAA compliant hosting provider, or if you want to add your own company to this list, please use the contact form.