The Health Insurance Portability and Accountability Act (HIPAA) mandates that covered entities safeguard Protected Health Information (PHI) at rest, in transit, and in use. Failing to comply with HIPAA can result in hefty fines and reputational damage.
This comprehensive guide explores eleven top-rated HIPAA-compliant email encryption services to help you navigate this crucial aspect of data security. We’ll delve into each provider’s setup process, encryption and security features, additional functionalities, and cost structure. This analysis empowers you to make an informed decision and select the solution that best aligns with your organization’s needs.
Reviewed services:
- Barracuda
- Egress
- Hushmail
- Identillect (Delivery Trust)
- LuxSci
- MailHippo
- NeoCertified
- Protected Trust
- ProtonMail
- RMail (by RPost)
- Virtru
Choosing the Right HIPAA-Compliant Email Encryption Service
The ideal HIPAA-compliant email encryption service depends on several factors, including:
Number of Users: Consider solutions that scale seamlessly as your organization grows.
Budget: Explore a range of pricing structures to find a cost-effective option.
Technical Expertise: Opt for a user-friendly platform that aligns with your IT team’s capabilities.
Desired Features: Identify the functionalities most crucial for your workflows (e.g., secure file transfer, mobile access, audit trails).
Beyond Encryption: Additional Considerations
While encryption is a cornerstone of HIPAA compliance, a holistic approach is essential. Here are some additional security measures to implement:
Employee Training: Regularly educate staff on HIPAA regulations and best practices for handling PHI.
Strong Passwords: Enforce complex password policies and encourage two-factor authentication.
Access Controls: Limit PHI access based on the least privilege principle.
Regular Backups: Implement a robust backup and recovery plan to safeguard data in case of disruptions.
Service Reviews
Barracuda – HIPAA Compliant Email Encryption Service
Setup: A fully cloud-based solution that requires no hardware or software installation. It integrates seamlessly with Office 365, Microsoft Exchange, and other SMTP mail servers, making it a versatile choice for various infrastructures.
Encryption and Security: Barracuda employs Advanced Encryption Standard (AES) with a 256-bit cipher, coupled with Transport Layer Security (TLS) to secure email transmissions. Additionally, it includes threat protection scanning to identify and mitigate potential risks before they reach the recipient.
Additional Features: This solution is equipped with outbound filtering to prevent unauthorized data leaks, data loss prevention tools, and email spooling for continuity during server outages. It also offers Denial-of-Service (DoS) attack prevention and robust email archiving capabilities to meet compliance and organizational needs.
Cost: Pricing starts at $4.73 per user per month, with a requirement of at least 10 users. There is no setup fee for this HIPAA compliant email encryption service and the company offers a free trial.
Egress – HIPAA Compliant Email Encryption Service
Setup: Egress can be deployed as a desktop plug-in or accessed through a web-based interface. It is compatible with widely-used platforms such as Outlook, Gmail, and mobile devices running on Apple or Android operating systems, offering broad accessibility.
Encryption and Security: Uses AES-256 bit encryption to secure emails and attachments at the message level. It also includes multi-factor authentication for added account protection and forced recipient controls to ensure that only authorized users can access messages. Automated Data Loss Protection (DLP) ensures sensitive data is identified and managed appropriately.
Additional Features: Egress offers seamless integration with email clients like Outlook and Gmail. Its features include secure file sharing, mobile access, and advanced anomaly detection through the Prevent tool, which identifies potential security threats in email behavior.
Cost: Pricing depends on the number of users. Single-user plans start at $100 per year, with scalable options for larger organizations. Notably, this HIPAA compliant email encryption service is free for third party users, meaning recipients can access encrypted emails whether or not they use the service. Egress also offers a free trial for users who would like to sample their services.
Hushmail – HIPAA Compliant Email Encryption Service
Identillect – HIPAA Compliant Email Encryption Service
Setup: The setup process is user-friendly, featuring an interactive demo and tutorials for new users. It offers access through a web portal, or plug-ins for Outlook or Gmail, ensuring adaptability to various environments.
Encryption and Security: Identillect employs AES-256 bit encryption and SSL/TLS encryption for secure communications. Recipient authentication ensures only the intended individual can access the message, which can be viewed securely through the platform’s web portal.
Additional Features: This service is equipped with a business admin account for centralized control, a secure scan feature, message expiration settings, and two-factor authentication. It also supports the secure transfer of large files, adding to its utility for businesses handling sensitive data.
Cost: Plans range between $5.95 and $10 per user per month, depending on the selected features. Users can try a demo of this HIPAA compliant email encryption service here.
LuxSci – HIPAA Compliant Email Encryption Service
Setup: Offers web portal access with integration options for existing email clients, such as Outlook and Gmail. The platform is designed to work seamlessly across various workflows and client preferences.
Encryption and Security: LuxSci supports multiple encryption protocols, including SSL/TLS, SMTP TLS, PGP, S/MIME, and Escrow, ensuring end-to-end data security. For enhanced protection, VPN access can also be enabled.
Additional Features: The service includes secure productivity tools, HIPAA training for employees, email archiving, data backup, and audit logging. Its “Maximal Security” setting allows organizations to enforce stringent security measures as needed.
Cost: LuxSci offers three pricing tiers (small, custom, and enterprise custom), starting at $4 per user per month, with a $50 minimum order. All plans are equipped to handle the needs of HIPAA compliant clients. Also, you may request a free trial here.
MailHippo – HIPAA Compliant Email Encryption Service
Setup: A simple-to-use platform requiring no setup. MailHippo is compatible with any existing email provider, making it accessible and convenient for users.
Encryption and Security: The platform features end-to-end encryption with 256-bit encryption and provides secure storage of emails. Users can access detailed logs to monitor activity and ensure compliance.
Additional Features: MailHippo offers unique functionalities like a SendSafe™ address for secure messaging, large file transfers, message recall, expiration controls, and a mobile-friendly interface to access emails on the go.
Cost: Offers a free 30-day trial, with paid plans starting at $4.95 per month. To compare plans and see all features, visit their website.
NeoCertified — HIPAA Compliant Email Encryption Service
Setup: NeoCertified provides a web portal for access and integrates with popular email clients such as Outlook and Gmail for seamless operation.
Encryption and Security: The platform uses AES-256 bit encryption and SSL/TLS encryption to secure communications. End-to-end encryption ensures that only the sender and recipient can access the message content.
Additional Features: NeoCertified includes secure forms for collecting data, message expiration controls, an option to disable replies, a mobile app for on-the-go use, and recipient authentication to verify access.
Cost: Offers five pricing tiers, starting at $59 per user annually.
Protected Trust – HIPAA Compliant Email Encryption Service
Setup: Users can access the platform through a web portal or integrate it with Microsoft Outlook for convenience.
Encryption and Security: Features AES-256 bit encryption, two-factor authentication, and end-to-end encryption to ensure data privacy and security.
Additional Features: Includes secure file transfers of up to 5GB, read receipts, message revocation, expiration controls, guest accounts, 24/7 support, and penetration testing to enhance overall security.
Cost: $36 per month for a minimum of three users. This HIPAA compliant email encryption service offers a free trial for new users.
ProtonMail – HIPAA Compliant Email Encryption Service
Setup: ProtonMail is accessible through a web portal and allows seamless migration from other email services.
Encryption and Security: Features end-to-end encryption and zero-access encryption, ensuring that not even ProtonMail can access user data. Non-ProtonMail users can access messages securely through a secure web browser interface.
Additional Features: Offers secure file transfers, message expiration settings, custom labels, quick filters, multiple layout options for email organization, and integration with ProtonVPN for added security.
Cost: ProtonMail has three pricing plans: Mail Essentials, Business, and Enterprise. Prices start at $6.99 per user per month.
RMail – HIPAA Compliant Email Encryption Service
Setup:
RMail provides a straightforward installation via its website, tailored to platforms like Gmail and Outlook. Users can easily integrate the RMail add-in into their email interface, adding an encryption button.
Encryption and Security:
RMail encrypts messages with AES-256 bit encryption, delivering emails directly to recipients’ inboxes without requiring external links, accounts, or web access. Automatic TLS encryption is enabled when supported by both sender and recipient servers.
Additional Features:
Features include tracking email delivery and open status with Registered Receipt™ technology, e-signature functionality, and secure file sharing up to 1GB. RMail supports an audit trail, integrates with Outlook and Gmail, and offers click-to-sign capabilities.
Cost:
The free tier allows five encrypted emails per month. Paid plans start at $14.99/user/month. Enterprise plans require a custom quote. You can try Rmail for free here.
Virtru – HIPAA Compliant Email Encryption Service
Setup: Virtru integrates seamlessly with G Suite and Microsoft 365. Users can download the Virtru extension for web browsers or integrate it with Outlook or Gmail. Mobile applications are available for iOS and Android.
Encryption and Security: Offers end-to-end encryption, ensuring only the sender and recipient can access email content. Virtru employs an ephemeral key exchange for additional security and allows secure email transmission without requiring recipients to create accounts.
Additional Features: Admins can revoke messages, control forwarding, set expiration dates, and track message activity. Messages decrypt effortlessly through Virtru’s Secure Reader after recipient verification.
Cost: Pricing is not publicly listed. Contact Virtru’s sales team for customized pricing.
Note: Virtru for Personal Use (the free plug-in), does not include a BAA, and therefore is not HIPAA compliant. You must purchase the paid version or Virtru to use their HIPAA compliant email encryption service.
Compare HIPAA Compliant Email Encryption Services:
| Company Name | Additional Features | Cost | Free Trial | Setup Fee |
|---|---|---|---|---|
| Barracuda | Threat protection scanning, archiving, automatic encryption, Denial of Service Attack prevention | Starting cost $4.73/user/month (minimum 10 users) increases with added features | Yes | No |
| Egress | Multi-factor authentication, secure large file sharing, Automated DataLoss Protection (DLP), controls over email recipient actions (like preventing copy/paste) | Varies based on the size of the company, on average, it costs $100/user/year ($8.30 monthly) | Yes | No, but the organization does charge an “Infrastructure Cost” fee |
| Hushmail | Archiving, the ability to create unlimited email aliases, email record management(for audits), integration with a website for accessing EMRs and other special features for healthcare industry clients | $9.99/user/month for one user with 10GB storage,$19.99/month for up to five users and 15GB storage | No, only for personal use users (not those who need the HIPAA compliant solution) | Yes, $9.99 |
| Indentillect | Optional business admin account for implementing additional security controls, automatic encryption, eSigning, recipient multi-factor authentication | $5.95-10/user/month depending on the plan | Yes | No |
| LuxSci | Automatic timeout, optional business admin controls, secure productivity tools (calendars, workspaces, file sharing, and address books), HIPAA trained staff | $10/month for up to 50 users with 50GB storage,$67.50/month for unlimited users and storage (also dependant upon the number of client’s servers) | Yes | No |
| MailHippo | Help with branding, large file upload, message recall, message expiration | $4.95/month for 5,000 messages and 5GB storage, $7.95/month for 10,000 messages and 10GB storage | Yes | No |
| Protected Trust | 10 minutes setup, works with EMR systems, mobile apps, multi-factor authentication for both users and email recipients, email expiration controls, 10year message retention, 24/7 customer support, free guest accounts
| $36/month for a minimum of three users and (additionally, $12/user/month for each user over 3), single user licenses cost $15/month | Yes | No |
| Rmail | Time-stamped proof of delivery, eSigning, time-stamped proof of opening, secure large file transfer, audit trail for sending and receiving emails, training videos, phone support (for users with premium accounts)
| $14.99/user/month for one to ten users, larger companies receive custom quotes | Yes | No |
| Virtru | Mobile and web browser options, message revocation option, video tutorials, controls allow the sender to see where messages are forwarded, the option to set expiration dates for messages
| Virtru does not disclose its pricing online – contact a sales rep for a custom quote | Yes | No |
Conclusion
Selecting the right HIPAA-compliant email encryption service is crucial for protecting patient privacy and avoiding costly penalties. By carefully evaluating your organization’s needs and considering the factors outlined in this guide, you can make an informed decision and ensure robust data security.
Remember, HIPAA compliance is an ongoing process. To maintain a strong security posture, regularly review your security measures and stay updated on evolving regulations. Don’t let HIPAA compliance keep you up at night. Let Total HIPAA handle the complexities so you can focus on what matters most. Schedule a free consultation today and ensure your organization is fully compliant.
