WatchDog HIPAA Compliant Email

HIPAA Compliance for Email


HIPAA compliance for email has been a hotly debated topic since changes were enacted in the Health Insurance Portability and Accountability Act (HIPAA) in 2013. Of particular relevance is the language of the HIPAA Security Rule; which, although not expressly prohibiting the use of email to communicate PHI, introduces a number of requirements before email communications can be considered to be HIPAA compliant(*).

HIPAA email rules require covered entities to implement access controls, audit controls, integrity controls, ID authentication, and transmission security have to be fulfilled in order to:

  • Restrict access to PHI
  • Monitor how PHI is communicated
  • Ensure the integrity of PHI at rest
  • Ensure 100% message accountability, and
  • Protect PHI from unauthorized access during transit

Some HIPAA covered entities have put forward the argument that encryption is sufficient to ensure HIPAA compliance for email. However, HIPAA email rules do not just cover encryption. Encryption alone does not fulfill the audit control requirement of monitoring how PHI is communicated or the ID authentication requirement to ensure message accountability.

Best HIPAA Compliant Email Encryption Services

Watchdog HIPAA Compliance for Email


In this blog post, we review nine email encryption vendors (Barracuda, Egress, Hushmail, Indentillect, MailHippo, LuxSci, Protected Trust, Rmail, & Virtru) who provide HIPAA compliant email encryption services that will keep your information safe when in transit. All of these products offer similar features and price points. These companies are equipped to handle all of your HIPAA compliant email encryption needs, and they also provide the services at a reasonable price that even small and medium-sized businesses can afford.

HIPAA requires all Covered Entities to protect PHI (Protected Health Information) at rest, in storage, and in transit. There is a common misconception that email is a secure way to send and receive PHI. Implementing HIPAA compliant email encryption practices is a requirement for protecting PHI. End-to-end encryption configures the data so that only the sender and intended recipient can read the email’s content. Encryption works by assigning a unique “key” for unlocking the contents of the email that only the intended recipient gets.


Hippa Security Rule

Accountable’s online platform guides you step-by-step through the process of becoming HIPAA compliant.


Hippa Privacy Rule

Our support team is available via live chat, email, and phone to help with any questions that you might have about HIPAA or our software.


Hippa Enforcement Rule

Stop worrying about the penalties and fees your company may receive for non-compliance with HIPAA.


Hippa Branch notification Rule

Your website will be based on the right platform and in the right way. Plateform specific good user friendly