HIPAA Compliant Email Providers

Recommended HIPAA Compliant Email Providers

HIPAA compliant email providers turn an insecure communication method into something secure and potentially HIPAA compliant. Please be sure you have read the full in-depth article first: HIPAA Compliant Email Explained, where you learn more about the potential risks and benefits of combining HIPAA and email.

On this page you will find the complete list of HIPAA compliant email providers. There are more email providers of course, but not all of them are capable of offering a HIPAA compliant email solution that stands the test by providing excellent HIPAA email encryption.

The companies listed offer outsourced HIPAA compliant email without the need to host anything on your own infrastructure. This type of arrangement makes them a business partner for which they need to sign a Business Associate Agreement (BAA). All of the providers in this list meet the HIPAA requirements and are willing to sign a BAA so you can be assured of full HIPAA email compliance.

I also want to point out an important section from the “HIPAA Cloud Storage Explained” article as it’s also applicable for HIPAA compliant email:

CEs (covered entities) should outsource to providers who advertise to be HIPAA compliant cloud storage providers and also those that are willing to provide signature to a HIPAA required Business Associate Agreement (BAA). Even then, the responsibility falls upon a CE to engage some method of risk analysis to ensure that a chosen cloud storage provider is compliant with all of the requirements of HIPAA.

Many hosting companies offer HIPAA compliant email as an addition to their HIPAA compliant hosting packages which you can find in our full list of HIPAA compliant hosting providers. But there are also a few specialized HIPAA compliant email providers who offer just that, email. I listed these below, along with a link to the relevant product information.

The Full List of HIPAA Compliant Email Providers

This list of HIPAA compliant email providers is constantly monitored and updated, to ensure you can make an informed decision. Currently listed are:

Recommended: VM Racks HIPAA Compliant Email

VM Racks is a Cloud Provider offering a full suite of HIPAA Compliant Solutions including hosting, email, SFTP and more. Their email solution includes unlimited secure email sending, mobile access from tablets and phones, a secure API, a Microsoft Outlook plug-in and more. They have a trademarked solution called True HIPAA Compliance™ which they use to guarantee their packages are 100% HIPAA compliant, and they sign BAAs for all customers.

Pricing for HIPAA Compliant Email starts at only $8/mailbox and includes 24/7 support.

>> Read the HIPAA HQ review of the VM Racks HIPAA Compliant Email Solution
>> Learn more about HIPAA Compliant Solutions from VM Racks
>> Learn more about HIPAA Compliant Email from VM Racks

Hushmail for Healthcare

Special offer: Get a 10% lifetime discount

Hushmail is a fully hosted email service with enhanced security and seamless, integrated encryption. In many ways, Hushmail is just like your current email provider but provides the ability to send and receive encrypted emails and attachments to and from anyone, even people who don’t use Hushmail.

Hushmail allows you to:

  • Easily add HIPAA compliant encryption to your emails
  • Send secure emails to your patient’s existing email address
  • Receive secure emails and documents from your patients, even if they don’t have a Hushmail account
  • Sign a Business Associate Agreement (BAA), required for HIPAA compliance

Hushmail for Healthcare is available everywhere you work with fully featured webmail, an iPhone app, and support for desktop and smartphone email applications.

>> Learn more about Hushmail for Healthcare features and pricing
>> New in Hushmail: A new way of easily sending encrypted email is here


Atlantic.Net provides secure and fully audited hosting for HITECH and HIPAA Compliance, with plans starting at $328.00 per month.

Established in 1994, Atlantic.Net provides a wide range of email and web hosting services and solutions, including:

  • Dedicated Servers
  • Cloud Hosting
  • Private Cloud
  • Virtualization Hosting
  • Hybrid Hosting
  • Colocation Hosting

>> Learn more about Storage Hosting by Atlantic.net
>> Case study: Why ShareSafe Chose Atlantic.Net for Hosting Solutions (PDF)
>> Case study: Why Complete HealthCare Solutions, Inc. chose Atlantic.Net (PDF)
>> E-Book: Important Fundamentals you need to know about HIPAA Compliance (PDF)
>> “Why Does HIPAA Compliant Hosting Cost More?”, Blog post by Adnan Raj, VP of Marketing at Atlantic


NeoCertified is a leader in secure communications, specializing in a seamless, easy-to-use Secure Email Solution for individuals and businesses alike. They make the process as simple and convenient as possible, allowing all users to send and receive secure messages from mobile devices, tablets, computers, and any other internet-connected device. All secure emails are sent via their Cloud-based portal which utilizes AES 256-bit encryption and is compliant with all national and state-wide regulations & requirements.

Their Secure Email Solution is also compatible with all versions of Microsoft Outlook, including Outlook 365, which will give you the ability to compose, send, and receive secure messages directly from your Microsoft Outlook application.

NeoCertified’s HIPAA Compliant Email Solution includes:

  • Unlimited send/receive secure emails
  • Microsoft Outlook plug-in integration
  • They will sign a BAA (Business Associate Agreement) and help with compliance needs
  • Co-branded web portal
  • 256-bit encryption for all messages in transit and at rest
  • Optimized mobile access
  • CustomerConnect for inbound secure email
  • 24/7 Customer Support available for all users and all recipients
  • 30 Day Money Back Guarantee

NeoCertified currently offers 7-day Free Trials for their Secure Email Solution.

>> Read the HIPAA HQ review of the NeoCertified HIPAA Compliant Email Solution
>> Learn more about the NeoCertified HIPAA Compliant Email Solution
>> Learn more about NeoCertified’s other secure solutions

LuxSci HIPAA Email

LuxSci has recently revised its HIPAA email product, which is now perfect for most businesses. They offer a full-featured HIPAA compliant email solution at competitive prices. Their HIPAA related feature set is impressive. They make sure your email usage is fully HIPAA compliant and are willing to sign a BAA. The LuxSci HIPAA email solution is actively safeguarded for the latest HIPAA Security and Privacy Rules, but has enough flexibility to combine both HIPAA accounts and non-HIPAA accounts. You can also opt for additional HIPAA compliant services like web form processing. There is a 30-day free trial to test out their services.
>> Learn more about LuxSci HIPAA Email features
>> Learn more about LuxSci HIPAA Email pricing, starting at $12 per month

Microsoft Office 365 HIPAA

Microsoft was the first of the major secure email providers to offer full HIPAA compliant email. Their product Office 365 (using Outlook for email) meets all the necessary HIPAA email requirements. For Office 365 HIPAA, Microsoft will sign a Business Associate Agreement (BAA) so your email services are classified as Protected Health Information (PHI).

You can use the full suite of excellent Office 365 applications, along with Outlook for HIPAA email purposes. Microsoft Office 365 is very competitively priced given its features, making it the recommended choice for HIPAA compliant email.
>> Learn more about Microsoft Office 365 pricing and features
>> Learn more about HIPAA email compliance with Office 365

Aspida Mail

Aspida Mail is a comprehensive mail system that specializes in HIPAA compliant email. With Aspida Mail you can rest assured that you are not only sending ePHI securely, but also storing it securely. Included in all of their plans is 6 years of backup and retention on all emails that you send and receive; this is vital in case of an audit. Setup is simple, taking less than a day, with no software to install or maintain.

Aspida Mail is competitively priced starting at just $9/month per mailbox, with prices per mailbox dropping when you add more mailboxes.

Special offer: Try the First Three months for $3! Aspida offers a 30 day money back guarantee, month to month contracts and risk free cancellation!
Use HIPAAHQ in the “Promotional Code” box in the shopping cart.

>> Learn more about Aspida Mail pricing and features
>> Learn more about the Aspida HIPAA Compliant Email Service
>> “How to combine encrypted email with regular email”, Blog post by Laura Miller, Compliance Manager of Aspida
>> “What exactly is a Business Associate and why do we need an agreement?”, Blog post by Laura Miller, Compliance Manager of Aspida


Google was very late in making it possible to use Gmail for HIPAA compliant email. But since 2013, they have agreed to sign a BAA upon request. Since one of the most sought after questions for HIPAA email is “Is Gmail HIPAA compliant?” this move will certainly meet a certain demand.

In fact it’s not only Gmail that can become HIPAA compliant; so can other apps within the Google Apps suite. The full set for Google Apps HIPAA consists of: Gmail, Google Calendar, Google Drive, and Google Apps Vault services. Gmail HIPAA does come with a number of limitations, which you can read more about in this article. Compared to Office 365, Gmail isn’t quite there yet but they’re a viable alternative if you prefer Gmail for email handling.

>> Learn more about Gmail HIPAA pricing and features
>> Blog post: Is Gmail HIPAA Compliant?

Paubox Encrypted Email

Paubox provides a seamless encryption experience for users and works with most email platforms, including Office 365, Google Apps, Lotus Notes, and Microsoft Exchange. Instead of extra buttons to press, passwords to remember, or encryption keys to exchange, Paubox allows you to write and send emails as normal from your desktop, tablet or mobile device and encrypts all outbound and inbound messages for you in the background.

The full Paubox HIPAA Encrypted Email solution includes:

  • 100% HIPAA compliant with BAA included on all paid accounts
  • Seamless encryption to prevent accidentally sending PHI over email
  • Opportunistic In-bound encryption, phishing protection, virus scanning, and spam filtering
  • Free 1 GB 256-bit AES encrypted file sharing account
  • Free trial available

>> Learn more about the Paubox HIPAA Compliant Email Service
>> “Why your email should be HIPAA compliant”, HIPAA HQ Blog post by Hoala Greevy, founder and CEO of Paubox


MDOfficeMail is a specialized email provider, offering only HIPAA compliant email and HIPAA compliant fax services (which work by email as well). MDOfficeMail comes with both desktop mail and webmail. They can be reached by phone or email, and even offer remote desktop support.

MDOfficeMail has the lowest pricing of all HIPAA compliant email providers in this list, but they have an impressive array of technologies to allow for HIPAA encryption. MDOfficeMail will provide a BAA and will help you in setting up their service.

>> Learn more about MDOfficeMail pricing and features
>> Learn more about the MDOfficeMail HIPAA Compliant Email Service

Email Pros

Email Pros is another provider focusing only on HIPAA and email combined with related services like file sending. They offer a very convenient process to make your email HIPAA secure. There’s even an option to further increase the security of your messages by using email encryption with passwords.

Email Pros has high-end pricing, but it includes the ability to send secure files up to 2GB in size. Email Pros will sign a Business Associate Agreement (BAA) and help you reach full HIPAA email compliance.

>> Learn more about Email Pros pricing and features
>> Learn more about the Email Pros HIPAA Compliant Email Service


MaxMD is a company providing a range of secure healthcare communication solutions with HIPAA and email being the main component. Called Direct mdEmail, it can be integrated in various ways into your existing email configuration. If you would like further integration into a specific application, you can use their so-called Encryption as a Service (EaaS).

Direct mdEmail by MaxMD is a custom solution so there’s no upfront pricing information available. Depending on your current or future needs MaxMD will work out a custom quote for you. Upon installation of their services they will provide a BAA.

>> Learn more about Direct mdEmail features
>> Learn more about MaxMD’s Encryption as a Service

HIPPA Compliant Email?

There is lots of confusion between HIPAA email and HIPPA email. As HIPAA is often misspelled as HIPPA it’s easy to mistakenly do a search for HIPPA compliant email or HIPPA email. Luckily Google is keen enough to make the distinction and point you to the right pages. Just to be sure, there’s no HIPPA compliant email or HIPPA email, only HIPAA compliant email or HIPAA email.

Further reading

We are constantly adding new articles on HIPAA compliant email and related services on our blog. Our current posts on HIPAA email are:

Is Gmail HIPAA Compliant – The Definitive Answer
Why your email should be HIPAA compliant
by Hoala Greevy, founder and CEO of Paubox
HIPAA Security Rule Compliance Checklist

If you would like to suggest a HIPAA compliant hosting provider, or if you want to add your own company to this list, please use the contact form.

Disclaimer: HIPAAHQ.com only recommends providers, but can’t be held responsible for any choice you make. You are fully responsible for selecting a HIPAA compliant email provider and in becoming HIPAA compliant.

About Jacco / Editor HIPAA HQ

Jacco Blankenspoor is the founder and editor of HIPAAHQ.com. Jacco specializes in providing useful and in-depth information about the complex topic that is HIPAA Compliant Hosting.


  1. What are the steps in setting up HIPAA compliant email accounts for my company?

    • Hello Don, this really depends on the email provider you decide to work with. I’m afraid I can’t answer you on this one, but feel free to ask any additional questions.


      • Thanks Jacco! I have another possibly related question….
        I am working with a developer who wants to move the DNS MX records to his DNS servers where he also hosts the public website for my client. He tells me that when he does this “ALL” emails come to his server then get forwarded over to office 365 hosted exchange…. because he is now hosting the MX records.
        Currently the MX records reside on Network Solutions Servers.

        It was my thinking and training….. that these records exist to tell folks where to find the email server where the email is hosted…. then the emails go directly to that server….. I don’t think the messages / emails ever go to Network Solutions now….
        Am I wrong?
        I just want to make sure what I think happens actually happens.. and I want to make sure I know the route of my client’s emails.

        Any response for anyone is welcomed…..

        Great Site by the way!
        Awesome even!!!

        • Hi Don,

          MX records are indeed used to point out where an email server is located. If he redirects these MX records to his own servers, that is where the mails will land. Setting up a forward to Office 365 probably won’t work with multiple email accounts, since Office 365 requires MX records to be pointed to its own servers to work properly. It’s better not to use any alternative routes.

          Hope this helps,


  2. According to: http://www.adeliarisk.com/is-gmail-hipaa-compliant/
    “So is Gmail HIPAA Compliant?
    As of September 2013, the answer is that, yes, Gmail can be used as part of a HIPAA-compliant organization!”

  3. Hi Jacco, I’m late to this party but I have a question that I hope you can answer. I am a psychologist just beginning to explore digital record keeping, HIPAA compliant email and hosting service. There are numerous HIPAA compliant patient portals for therapists like myself, including some with email services. But almost none of them allow for custom website development. My question is, if I develop my own basic website using a non-HIPAA compliant service (such as Wix.com for example) and I use the website only for describing and marketing my services, can I install links on that website to a HIPAA compliant patient portal and consider the whole thing HIPAA compliant? In other words, I wouldn’t put any patient information at all on my website. It would be contained on a HIPAA compliant site with appropriate encryption and security features. What do you think? Thanks very much! Jason L.

    • Hi Jason,

      Please note I can’t give any official advice, so this is my personal opinion and can’t be taken as the truth.

      HIPAA compliance is required for medical data. You should be allowed to build a regular informative website with information about your services. Linking to the portal would be a good idea. So the scenario you stated should be okay.

      Keep in mind however, no provider or any advisor is responsible for your HIPAA compliancy, that is up to you. Sorry for all the disclaimers, just want to be sure on this.

      Hope this helps,
      Managing Editor HIPAA HQ
