20 time-saving tips
Download 20 quick tips to help you spend less time on admin and more time helping your clients!

Which Hushmail for Business account is right for you?

Hushmail for Healthcare is our most popular business account helping healthcare businesses of all sizes fulfill HIPAA requirements for security and privacy. Do you know if Hushmail for Healthcare is right for you?

In recent months we’ve been highlighting Hushmail for Healthcare and Hush Secure Forms in our blog. Hushmail for Healthcare is our most popular business account and for good reason. This account gives healthcare businesses of all sizes peace of mind knowing their communications with clients and patients are secure and HIPAA compliant.  

However, we understand that Hushmail for Healthcare isn’t for everyone. The Health Insurance Portability and Accountability Act (HIPAA) can be confusing, and it’s not always clear who needs to concern themselves with HIPAA. Do you know if you need to follow HIPAA guidelines and would benefit from a Hushmail for Healthcare account? Or would one of our other accounts meet your requirements?

In today’s post, we’re going to explain a little about HIPAA-covered entities and Business Associate Agreements (BAAs) and then lay out the key features of our Hushmail for Healthcare account so you can determine if this is the right account for you. We’ll also explain the highlights of our other accounts, and help you decide if one of these accounts would suit you better.

By the end of this post, you’ll know exactly where you fit in the Hushmail family.

What is a HIPAA-covered entity?

HIPAA was signed into law in 1996 to help ensure privacy of health information, security of electronic records, more efficient administration, and insurance portability. Since HIPAA became law, healthcare organizations and providers have been learning best practices to achieve compliance with the rules. It’s been a long road, and many healthcare organizations still aren’t getting it right.

2018 was a record-breaking year for HIPAA enforcement with settlements totaling $28.7 million, $5.2 million more than 2017.  

The good news is that for small- and medium-sized practices, it’s much easier than it is for larger organizations to control how the electronic protected health information (ePHI) you handle is collected, stored, and transferred; Hushmail provides communication services that can help.

Let’s figure out if HIPAA applies to you. According to HHS, a HIPAA-covered entity is a health care provider, a health plan, or a health clearinghouse. Take a look at the HHS table below:

A covered entity is one of the following:

A health care provider

This includes providers such as:

  • Doctors
  • Clinics
  • Psychologists
  • Dentists
  • Chiropractors
  • Nursing Homes
  • Pharmacies

...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.

A health plan

This includes:

  • Health insurance companies
  • HMOs
  • Company health plans
  • Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs

A health care clearinghouse

This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.



If you still aren’t sure you’re a covered entity, the Covered Entity Guidance tool, provided by the Centers for Medicare & Medicaid Services (CMS), will walk you through a series of questions to help determine your status.

How Hushmail for Healthcare Supports HIPAA-covered entities

If you’re a HIPAA-covered entity, our Hushmail for Healthcare account supports your HIPAA compliance in three ways.

Encryption (email and web forms). The HIPAA Security Rule allows electronic transmission of ePHI as long as you satisfy the requirements to make sure the information is secure. A reliable, encrypted email and web forms service allows you to take advantage of the benefits of online communication, while helping you to stay in compliance with HIPAA and ensuring peace of mind for you and your patients.

Archived emails. HIPAA has retention requirements around your compliance and privacy policies requiring you to retain documentation such as policies and procedures, security risk analyses, and complaint and resolution documentation for six years.

Hushmail’s separate archive account ensures that you have a record of all the communications that took place within your domain and helps to provide evidence of your compliance in the event of an audit. Also, if a client or a court requires particular records, the archive provides easy access to every interaction.

A Business Associate Agreement (BAA). Did you know that HIPAA requires a BAA from every service provider you use that could be exposed to your patients’ PHI? While the HIPAA Privacy Rule establishes the standards that healthcare organizations need to follow to protect PHI, it only applies to covered entities such as your practice. Most likely you rely on third parties that aren’t HIPAA-covered entities to carry out a variety of services from accounting to email.

Fortunately, you’re permitted to disclose PHI to these third parties, known as “business associates,” as long as they agree to accept responsibility for taking appropriate safeguards and complying with the HIPAA requirements to prevent the use or disclosure of the PHI. This acceptance is documented in a BAA, which you are required to obtain from any third party that potentially could be exposed to your patients’ PHI.

When you sign up for a Hushmail for Healthcare account, you will be asked to sign a BAA. Once the BAA has been signed by both parties, responsibility for protecting the PHI sent through Hushmail services is transferred from you to Hushmail, fulfilling your legal obligation under HIPAA.

Is Hushmail for Healthcare right for you?

Are you a HIPAA-covered entity?

_____ Yes. A Hushmail for Healthcare account is your best-fit account.
_____ No. A different Hushmail account might be a better choice for you. Read on to learn more.

Hushmail for Small Business

If you have a small business, and you know that you’re not a HIPAA-covered entity, Hushmail for Small Business might be the perfect account. It includes encrypted email, email archiving, email aliases, and the option to use your own domain name.

Is Hushmail for Small Business right for you?

Are you a small business, but not a HIPAA-covered entity, attorney, or nonprofit organization?

_____ Yes. Hushmail for Small Business is the Hushmail account for you. Sign up today and try it out for 60 days.
_____ No. Hushmail for Healthcare or Hushmail for Law might better suit your needs. Read on to learn more.

Hushmail for Law

Attorneys require special consideration when it comes to their communications. Confidentiality is paramount, and a Hushmail for Law account supports the claim of attorney-client privilege for attorneys practicing in the US, UK, and Canada, with a signed agreement providing extra protection of your client communications. Additionally, the account includes email archiving to help you document emails as part of your files.  

Is Hushmail for Law right for you?

Are you an attorney practicing in the US, UK, or Canada?

____ Yes.  Hushmail for Law is the right account for you.
____ No. Consider Hushmail for Small Business or read about Hushmail for Nonprofits below to discover your best-fit account.

We hope this post has helped clarify how Hushmail can best help your business. All Hushmail accounts include at least 10 GB of storage, industry-standard OpenPGP encryption, mobile/desktop access, and dedicated customer support.

We’d love to welcome you into the Hushmail family. Why not call today and let one of our Customer Care Specialists help you set up an account?

 Hushmail provides several different accounts that provide encrypted email and web forms tailored for specific industries. Our most popular account, Hushmail for Healthcare, is the perfect account for healthcare businesses. However, if you aren’t a HIPAA-covered entity, a different account might be a better fit.

Similar posts