Mastering HIPAA Compliance with Email Encryption

The Health Insurance Portability and Accountability Act (HIPAA) mandates that covered entities safeguard Protected Health Information (PHI) at rest, in transit, and in use. Failing to comply with HIPAA can result in hefty fines and reputational damage.
This comprehensive guide explores eleven top-rated HIPAA-compliant email encryption services to help you navigate this crucial aspect of data security. We’ll delve into each provider’s setup process, encryption and security features, additional functionalities, and cost structure. This analysis empowers you to make an informed decision and select the solution that best aligns with your organization’s needs.

Reviewed services:

  • Barracuda
  • Egress
  • Hushmail
  • Identillect (Delivery Trust)
  • LuxSci
  • MailHippo
  • NeoCertified
  • Protected Trust
  • ProtonMail
  • RMail (by RPost)
  • Virtru

Email encryption providers infographic


Choosing the Right HIPAA-Compliant Email Encryption Service

The ideal HIPAA-compliant email encryption service depends on several factors, including:
Number of Users: Consider solutions that scale seamlessly as your organization grows.
Budget: Explore a range of pricing structures to find a cost-effective option.
Technical Expertise: Opt for a user-friendly platform that aligns with your IT team’s capabilities.
Desired Features: Identify the functionalities most crucial for your workflows (e.g., secure file transfer, mobile access, audit trails).


Beyond Encryption: Additional Considerations


While encryption is a cornerstone of HIPAA compliance, a holistic approach is essential. Here are some additional security measures to implement:
Employee Training: Regularly educate staff on HIPAA regulations and best practices for handling PHI.
Strong Passwords: Enforce complex password policies and encourage two-factor authentication.
Access Controls: Limit PHI access based on the least privilege principle.
Regular Backups: Implement a robust backup and recovery plan to safeguard data in case of disruptions.

Service Reviews


Barracuda logo - HIPAA Compliant Email Encryption Service

Barracuda – HIPAA Compliant Email Encryption Service

Setup: A fully cloud-based solution that requires no hardware or software installation. It integrates seamlessly with Office 365, Microsoft Exchange, and other SMTP mail servers, making it a versatile choice for various infrastructures.

Encryption and Security: Barracuda employs Advanced Encryption Standard (AES) with a 256-bit cipher, coupled with Transport Layer Security (TLS) to secure email transmissions. Additionally, it includes threat protection scanning to identify and mitigate potential risks before they reach the recipient.

Additional Features: This solution is equipped with outbound filtering to prevent unauthorized data leaks, data loss prevention tools, and email spooling for continuity during server outages. It also offers Denial-of-Service (DoS) attack prevention and robust email archiving capabilities to meet compliance and organizational needs.

Cost: Pricing starts at $4.73 per user per month, with a requirement of at least 10 users. There is no setup fee for this HIPAA compliant email encryption service and the company offers a free trial.

Egress – HIPAA Compliant Email Encryption Service

Setup: Egress can be deployed as a desktop plug-in or accessed through a web-based interface. It is compatible with widely-used platforms such as Outlook, Gmail, and mobile devices running on Apple or Android operating systems, offering broad accessibility.

Encryption and Security: Uses AES-256 bit encryption to secure emails and attachments at the message level. It also includes multi-factor authentication for added account protection and forced recipient controls to ensure that only authorized users can access messages. Automated Data Loss Protection (DLP) ensures sensitive data is identified and managed appropriately.

Additional Features: Egress offers seamless integration with email clients like Outlook and Gmail. Its features include secure file sharing, mobile access, and advanced anomaly detection through the Prevent tool, which identifies potential security threats in email behavior.

Cost: Pricing depends on the number of users. Single-user plans start at $100 per year, with scalable options for larger organizations. Notably, this HIPAA compliant email encryption service is free for third party users, meaning recipients can access encrypted emails whether or not they use the service.  Egress also offers a free trial for users who would like to sample their services.

Hushmail logo - HIPAA Compliant Email Encryption Service

Hushmail – HIPAA Compliant Email Encryption Service

Identillect logo - HIPAA Compliant Email Encryption Service

Identillect – HIPAA Compliant Email Encryption Service

Setup: The setup process is user-friendly, featuring an interactive demo and tutorials for new users. It offers access through a web portal, or plug-ins for Outlook or Gmail, ensuring adaptability to various environments.

Encryption and Security: Identillect employs AES-256 bit encryption and SSL/TLS encryption for secure communications. Recipient authentication ensures only the intended individual can access the message, which can be viewed securely through the platform’s web portal.

Additional Features: This service is equipped with a business admin account for centralized control, a secure scan feature, message expiration settings, and two-factor authentication. It also supports the secure transfer of large files, adding to its utility for businesses handling sensitive data.

Cost: Plans range between $5.95 and $10 per user per month, depending on the selected features. Users can try a demo of this HIPAA compliant email encryption service here.

LuxSci logo - HIPAA Compliant Email Encryption Service

LuxSci – HIPAA Compliant Email Encryption Service

Setup: Offers web portal access with integration options for existing email clients, such as Outlook and Gmail. The platform is designed to work seamlessly across various workflows and client preferences.

Encryption and Security: LuxSci supports multiple encryption protocols, including SSL/TLS, SMTP TLS, PGP, S/MIME, and Escrow, ensuring end-to-end data security. For enhanced protection, VPN access can also be enabled.

Additional Features: The service includes secure productivity tools, HIPAA training for employees, email archiving, data backup, and audit logging. Its “Maximal Security” setting allows organizations to enforce stringent security measures as needed.

Cost: LuxSci offers three pricing tiers (small, custom, and enterprise custom), starting at $4 per user per month, with a $50 minimum order. All plans are equipped to handle the needs of HIPAA compliant clients. Also, you may request a free trial here.

MailHippo – HIPAA Compliant Email Encryption Service

Setup: A simple-to-use platform requiring no setup. MailHippo is compatible with any existing email provider, making it accessible and convenient for users.

Encryption and Security: The platform features end-to-end encryption with 256-bit encryption and provides secure storage of emails. Users can access detailed logs to monitor activity and ensure compliance.

Additional Features: MailHippo offers unique functionalities like a SendSafe™ address for secure messaging, large file transfers, message recall, expiration controls, and a mobile-friendly interface to access emails on the go.

Cost: Offers a free 30-day trial, with paid plans starting at $4.95 per month. To compare plans and see all features, visit their website.

NeoCertified — HIPAA Compliant Email Encryption Service

Setup: NeoCertified provides a web portal for access and integrates with popular email clients such as Outlook and Gmail for seamless operation.

Encryption and Security: The platform uses AES-256 bit encryption and SSL/TLS encryption to secure communications. End-to-end encryption ensures that only the sender and recipient can access the message content.

Additional Features: NeoCertified includes secure forms for collecting data, message expiration controls, an option to disable replies, a mobile app for on-the-go use, and recipient authentication to verify access.

Cost: Offers five pricing tiers, starting at $59 per user annually.

Protected Trust logo – HIPAA Compliant Email Encryption Service LOGO

Protected Trust – HIPAA Compliant Email Encryption Service

Setup: Users can access the platform through a web portal or integrate it with Microsoft Outlook for convenience.

Encryption and Security: Features AES-256 bit encryption, two-factor authentication, and end-to-end encryption to ensure data privacy and security.

Additional Features: Includes secure file transfers of up to 5GB, read receipts, message revocation, expiration controls, guest accounts, 24/7 support, and penetration testing to enhance overall security.

Cost: $36 per month for a minimum of three users. This HIPAA compliant email encryption service offers a free trial for new users.

ProtonMail – HIPAA Compliant Email Encryption Service

Setup: ProtonMail is accessible through a web portal and allows seamless migration from other email services.

Encryption and Security: Features end-to-end encryption and zero-access encryption, ensuring that not even ProtonMail can access user data. Non-ProtonMail users can access messages securely through a secure web browser interface.

Additional Features: Offers secure file transfers, message expiration settings, custom labels, quick filters, multiple layout options for email organization, and integration with ProtonVPN for added security.

Cost: ProtonMail has three pricing plans: Mail Essentials, Business, and Enterprise. Prices start at $6.99 per user per month.

RMail logo - HIPAA Compliant Email Encryption Service

RMail – HIPAA Compliant Email Encryption Service

Setup:
RMail provides a straightforward installation via its website, tailored to platforms like Gmail and Outlook. Users can easily integrate the RMail add-in into their email interface, adding an encryption button.

Encryption and Security:
RMail encrypts messages with AES-256 bit encryption, delivering emails directly to recipients’ inboxes without requiring external links, accounts, or web access. Automatic TLS encryption is enabled when supported by both sender and recipient servers.

Additional Features:
Features include tracking email delivery and open status with Registered Receipt™ technology, e-signature functionality, and secure file sharing up to 1GB. RMail supports an audit trail, integrates with Outlook and Gmail, and offers click-to-sign capabilities.

Cost:
The free tier allows five encrypted emails per month. Paid plans start at $14.99/user/month. Enterprise plans require a custom quote. You can try Rmail for free here.

Virtru logo - HIPAA Compliant Email Encryption Service

Virtru – HIPAA Compliant Email Encryption Service

Setup: Virtru integrates seamlessly with G Suite and Microsoft 365. Users can download the Virtru extension for web browsers or integrate it with Outlook or Gmail. Mobile applications are available for iOS and Android.

Encryption and Security: Offers end-to-end encryption, ensuring only the sender and recipient can access email content. Virtru employs an ephemeral key exchange for additional security and allows secure email transmission without requiring recipients to create accounts.

Additional Features: Admins can revoke messages, control forwarding, set expiration dates, and track message activity. Messages decrypt effortlessly through Virtru’s Secure Reader after recipient verification.

Cost: Pricing is not publicly listed. Contact Virtru’s sales team for customized pricing.

Note: Virtru for Personal Use (the free plug-in), does not include a BAA, and therefore is not HIPAA compliant. You must purchase the paid version or Virtru to use their HIPAA compliant email encryption service.

Compare HIPAA Compliant Email Encryption Services:

Company Name Additional Features Cost Free Trial Setup Fee
Barracuda Threat protection scanning, archiving, automatic encryption, Denial of Service Attack prevention Starting cost $4.73/user/month (minimum 10 users) increases with added features Yes No
Egress Multi-factor authentication, secure large file sharing, Automated DataLoss Protection (DLP), controls over email recipient actions (like preventing copy/paste) Varies based on the size of the company, on average, it costs $100/user/year ($8.30 monthly) Yes No, but the organization does charge an “Infrastructure Cost” fee
Hushmail Archiving, the ability to create unlimited email aliases, email record management(for audits), integration with a website for accessing EMRs and other special features for healthcare industry clients $9.99/user/month for one user with 10GB storage,$19.99/month for up to five users and 15GB storage No, only for personal use users (not those who need the HIPAA compliant solution) Yes, $9.99
Indentillect Optional business admin account for implementing additional security controls, automatic encryption, eSigning, recipient multi-factor authentication $5.95-10/user/month depending on the plan Yes No
LuxSci Automatic timeout, optional business admin controls, secure productivity tools (calendars, workspaces, file sharing, and address books), HIPAA trained staff $10/month for up to 50 users with 50GB storage,$67.50/month for unlimited users and storage (also dependant upon the number of client’s servers) Yes No
MailHippo Help with branding, large file upload, message recall, message expiration $4.95/month for 5,000 messages and 5GB storage, $7.95/month for 10,000 messages and 10GB storage Yes No
Protected Trust

10 minutes setup, works with EMR systems, mobile apps, multi-factor authentication for both users and email recipients, email expiration controls, 10year message retention, 24/7 customer support, free guest accounts

 

$36/month for a minimum of three users and (additionally, $12/user/month for each user over 3), single user licenses cost $15/month Yes No
Rmail

Time-stamped proof of delivery, eSigning, time-stamped proof of opening, secure large file transfer, audit trail for sending and receiving emails, training videos, phone support (for users with premium accounts)

 

$14.99/user/month for one to ten users, larger companies receive custom quotes Yes No
Virtru

Mobile and web browser options, message revocation option, video tutorials, controls allow the sender to see where messages are forwarded, the option to set expiration dates for messages

 

Virtru does not disclose its pricing online – contact a sales rep for a custom quote Yes No

Conclusion


Selecting the right HIPAA-compliant email encryption service is crucial for protecting patient privacy and avoiding costly penalties. By carefully evaluating your organization’s needs and considering the factors outlined in this guide, you can make an informed decision and ensure robust data security.

Remember, HIPAA compliance is an ongoing process. To maintain a strong security posture, regularly review your security measures and stay updated on evolving regulations. Don’t let HIPAA compliance keep you up at night. Let Total HIPAA handle the complexities so you can focus on what matters most. Schedule a free consultation today and ensure your organization is fully compliant.

Sharing is caring!

Documents

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.


Download Now

Want to stay informed?

Join our community, stay ahead of the curve on HIPAA compliance and receive free expert guidance.

State of HIPAA Compliance in 2024

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!

Document

Related Posts

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)