All HIPAApropriateness Reviews >>

ProtonMail and HIPAA Compliance

Published November 22, 2016. Product Features: ,

Company that makes this product:

ProtonMail and HIPAA Compliance Product Home Page | Trial Account Page

Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Yes.
Recommend for your HIPAA risk management needs?: Yes. Be sure to read the notes regarding HIPAA-specific items.
# of Caveats: 0 view caveats→
# of Usage Notes: 0 view notes→

Relevant Product Characteristics

  • This product does not appear to have been designed specifically with healthcare in mind. Note that many products that are useful and appropriate for health care professionals are not designed specifically with health care in mind.

What Is This Product?

This review is public. Generally, our HIPAA-propriateness reviews are only available to members of Person-Centered Tech Support, but this one is special. If you want access to all of our HIPAA-propriateness reviews, please subscribe to Person-Centered Tech Support today.

 

Protonmail LogoProtonMail is a high-privacy secure messaging platform with both webmail and mobile apps. They also offer a BAA even with their FREE tier of service. This is rare, folks.

It’s Hosted in Switzerland. Is that okay for HIPAA?

For a long time, we weren’t sure about that. Luckily, HHS has been on a guidance-writing streak throughout 2016 and they dispelled this nasty rumor. Hosting information outside the US is fine so long as there is a BAA in place (citation). We also need to take the locale into account in our risk analyses. At the time of writing, we are not aware of any political unrest or problems of note in Switzerland that would impact the security of ProtonMail’s servers.

Downsides That Aren’t Caveats

Caveats are criticisms of the company or warnings about the product. None of these downsides meet those criteria, so we’re just calling them “downsides.”

  1. ProtonMail doesn’t offer an easy way for someone to initiate a secure message to you – of course they could still send a normal e-mail. In order for a client to send you a secure message through ProtonMail, they must either:
    • Have their own ProtonMail account
    • Find a ProtonMail message you sent to them that hasn’t already expired and then reply to it.

Okay, there was only 1 downside. That’s a good thing!

This product offers a free service tier or a free trial account:

We encourage all clinicians interested in this product to try out the free trial or experiment with the free tier to see if it suits your needs.

If you discover anything of concern that isn’t addressed in this review yet, please tell Liath about it at [email protected].

Caveats

Caveats are criticsms of the company or product that we feel are relevant to your risk management or other important considerations.

None

Notes

Notes cover points where the product can’t ensure compliance or ethical action for you. These help you know what your part of the compliance puzzle looks like when using this product. A high note count usually correlates with a feature-rich product, and not necessarily with a product that has problems.

None

v2.0.2-beta

Continuing Education National Approvals

Person Centered Tech Incorporated has been approved by NBCC as an Approved Continuing Education Provider, ACEP No. 6582. Programs that do not qualify for NBCC credit are clearly identified. Person Centered Tech Incorporated is solely responsible for all aspects of the programs.

Person Centered Tech Incorporated is approved by the American Psychological Association to sponsor continuing education for psychologists. Person Centered Tech Incorporated maintains responsibility for this program and its content.

Continuing Education State Approvals

  • Person Centered Tech is an approved provider continuing education provider with the Florida Board of Clinical Social Work, Marriage and Family Therapy and Mental Health Counseling. CE Broker Provider #50-23706.
  • Ohio Counselor, Social Worker, and Marriage and Family Therapist Board accepts continuing education credits from providers approved by the Florida Board of Clinical Social Work, Marriage and Family Therapy and Mental Health.
  • Person-Centered Tech Incorporated is recognized by the New York State Education Department's State Board for Social Work as an approved provider of continuing education for licensed social workers #SW-0540 and the State Board for Mental Health Practitioners as an approved provider of continuing education for licensed marriage and family therapists #MFT-0092, licensed mental health counselors #MHC-0210 and licensed psychoanalysts #P-0050 and the State Board for Psychology as an approved provider of continuing education for licensed psychologists #PSY-0068.

Policies and Terms

Training Resources

About Us

Email: [email protected]

Customer Service Hours: M-F 9AM-3PM PST

Address:
Person Centered Tech Incorporated
PO Box 42494
Portland, OR 97242

Where's our phone number?

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss