Hey everyone, I'm managing IT for a small regional non-profit that's a covered entity under HIPAA. We currently use Paubox for sending outgoing emails, which encrypts emails in transit automatically. If the receiving server doesn't support encryption, it sends a link for the recipient to view the message securely. It's really seamless, which is great, but it's on the pricey side. I want to hear about other organizations' experiences with their email encryption solutions and get a rough idea of pricing per sender. We use Google Workspace Business Plus, and while I know we can set it to require encryption, fallback options like confidential mode aren't as automatic, plus our case management system adds another layer of complexity. Any insights would be appreciated! Thanks!
7 Answers
It's true that seamless solutions often come with a higher price tag. Even if you’re outsourcing the encryption, remember that it's still someone else’s responsibility. If something goes wrong, it’s good to have a vendor to point to for liability!
Zix is definitely a go-to in healthcare for what you're looking into. I've used it for a while, but I’m not sure about the pricing. Might want to reach out to them for a quote.
Thanks for the suggestion! I'll look into Zix.
I’ve used Zix for years, and it works pretty well!
Ever heard of SSL? It could be a solution too!
Yes, but some of our recipients aren't equipped for SSL unfortunately.
At my company, we deal with PHI and use TLS for transit. If the recipient doesn’t support it, we require them to log into our Exchange server to download their messages. That way, the information stays secure.
We've set up Exchange rules to apply encryption. We even filter outgoing messages for PII and PHI, which helps ensure that only the right emails are encrypted. It doesn't cover everything though; gotta be careful with casual emails to not accidentally encrypt a ‘Happy Boss's Day!' message.
Good luck on finding the right solution! There's a lot to navigate with HIPAA compliance.
We use Cisco CES for encryption. Users can choose to encrypt their emails, but no strict DLP policies in place at this time. The pricing isn't cheap, but since we're already using Cisco equipment, it fits in well with our existing setup.
That's a fair point! Sometimes it feels safer to have that vendor relationship to avoid direct responsibility.