HIPAA Compliant Email Providers Roundup
Email is an important tool for communication. All industries and office types use it for all kinds of communication, whether between two coworkers, from the CEO to the whole company, or to connect with an outside organization. This is just as true for organizations in the healthcare industry as it is for other businesses, but these organizations have additional risks and regulations to consider when using email. Because it is risky to send PHI via email, users must choose a HIPAA compliant email provider to prevent a costly breach.
Here is a list of several HIPAA Compliant Email providers:
HIPAA Compliant Email
The first HIPAA compliant email provider we will discuss today is Hushmail, which offers encryption software plus secure web forms and e-signatures. This platform features enhanced security through encryption of emails both sent and received. Plus, with the Hushmail for Healthcare package, free business associate agreements and email archiving are available for all users.
Hushmail is available through webmail and phone applications, although it is an entirely separate platform from the email platforms you may be used to. Although it is standalone software, you will not need to create a new email domain; you can use this platform with your existing domains.
LuxSci is an email provider that specializes in HIPAA-compliant emails using Microsoft Exchange, G Suite, etc. Beyond emails, LuxSci is a complete solution that includes compliant text messaging, web hosting, video conferencing and online forms. This platform allows an organization to customize a package with the security features that uniquely match its needs.
LuxSci is a HIPAA compliant email platform that is secure enough to use on a broad scale in order to send mailing list messages but can also be used on a small scale for personal emails. It is the only software of its kind that allows you to send sensitive information in such high volumes. Plus, users do not need to create new email addresses in order to use this software and LuxSci will sign business associate agreements with their clients as needed. LuxSci also has a variety of other high-level security features that are available for use depending on the needs of their clients including automatic data backups, a 20-minute timeout period and a “Maximal Security” setting.
A new player on the HIPAA compliant email scene, MailHippo empowers users to start sending and receiving fully-encrypted emails and fillable, signable HIPAA compliant forms within minutes. Designed for ease of use, MailHippo works with any email provider, using your existing address, with no setup or configuration required. It’s simple yet incredibly strong, with AES 256-bit end-to-end encryption, plus encrypted key rings, for industry-leading security both in transit and at rest. And it’s totally mobile friendly, working well on any smartphone or tablet.
MailHippo’s affordable month-to-month plans go beyond a HIPAA BAA & online customer support to include branding help, thousands of messages per month, several GB of storage, large file sending, and a proprietary feature called a SendSafe® Address. This allows you to receive encrypted emails from anyone, even non-subscribers, using your own personalized web link. MailHippo’s unique platform tracks all message access and provides full details on demand. Features like auto-populating and message preview, recall and settable expiration make this a HIPAA-compliant email platform worth exploring.
NeoCertified is a bit different from the other platforms that we've talked about so far, as it is not an add-on or plug-in for your usual systems but rather a standalone product. This would be an ideal fit for organizations that are not already using a specific email provider and want a product dedicated to HIPAA compliant email encryption. Although NeoCertified is not a plug-in, it does easily integrate with Outlook, which is a great feature if that is the email platform that you are accustomed to.
NeoCertified uses 256-bit encryption, which means that all data sent and received through this platform will be secure and compliant with all regulations, including HIPAA. In addition to their high level of encryption and security, they will also sign a Business Associate Agreement with you to guarantee that they take liability for their role in the data sharing.
Another similar platform is Paubox, which is also an encrypted email software that can be integrated with popular email providers. It does not operate as a plug-in like Virtru, but works directly with Office 365 and Gmail without an additional log-in or app. Paubox is easy to use across your many devices from mobile to desktop and more. Since it is so easy to use, it will not require the sender or recipient to do any extra logins or install any additional applications.
A great feature of Paubox is the ability to add phishing, spam and virus protection to your platform for added security. Paubox offers free business associate agreements for all paid users, which is a necessity for users that need to guarantee HIPAA compliance.
Another great email encryption software, Protected Trust, is a simple solution for sending secure emails. Protected Trust allows integration so that secure emails can be sent from Microsoft Outlook and many EHR platforms that you may already be using.
Protected Trust uses 256-bit encryption plus two-factor authentication for all messages that are sent through their software. This ensures a top-tier level of security for all data sent via email. A few other key features for this provider are:
- Users' ability to revoke an email before and after the recipient has opened it
- Expiration dates that can be set on messages to limit how long the recipient has access to the message and its data
- Receipts sent when the recipient opens and then reads the message
- Signed HIPAA business associate agreements with users
Virtru is an encryption platform that you can add on to common email providers like Microsoft Exchange and Office 365. This software allows you to encrypt the data and control who can access it once sent. One of the key benefits of Virtru is that users do not have to transition to a new provider but rather can make their email communications HIPAA compliant with a simple add-on.
Since signing a Business Associate Agreement is required with each subcontractor under HIPAA, make sure to use the paid version of Virtru so that you can utilize the BAA. It is a seamless platform to integrate into how you already work, and you can even use it through the simple web browser extension.
Here are a few unique features that Virtru offers:
- With end-to-end encryption, it is guaranteed that only the sender and recipient can decrypt the message that is being sent.
- Administrators are able to set expiration dates for messages, take back messages after they’ve been sent (and even opened) and control where they are forwarded.
Healthcare providers and their business associates want and need an email provider that allows them to communicate quickly while keeping the sensitive information they share encrypted and protected. Although many of the most popular email platforms, like Gmail and Yahoo, can be HIPAA compliant, that does not mean they are compliant without additional steps being taken. Instead, healthcare providers and other HIPAA compliant organizations might feel that it is a better fit to choose one of these popular HIPAA-compliant email providers, with whom they can easily sign business associate agreements.