
How Paubox keeps your email HIPAA compliant

Paubox encrypts every email message in transit so that PHI stays secure. Paubox ensures messages are sent using Transport Layer Security (TLS) 1.2 or higher to deliver encrypted messages to your recipients. This meets HIPAA requirements for securing PHI in transmission and does not require any additional steps from your users or the recipient.

 

How encryption works when sending email

  1. Send an email as usual: Compose and send messages directly from Google Workspace or Microsoft 365, no extra apps or plugins required.

  2. Paubox encrypts the message with TLS 1.2 or higher: TLS protects the email while it is traveling across the internet, so the message cannot be read if it is intercepted in transit.

  3. The message is delivered directly to the recipient’s inbox: If the recipient’s mail server supports TLS, the email arrives just like a normal email with no extra steps to open or view it.

 

When the recipient’s server does not support TLS

If the recipient’s mail server cannot accept encrypted email, Paubox automatically delivers the message through our Secure Message Center instead. The recipient receives an email prompting them to view the secure message.

In the Secure Message Center, the recipient can view the message, download any attachments, and reply. Their reply and any attachments they upload will be encrypted and sent to you. 

This ensures that every message is encrypted, regardless of the recipient’s email system.
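The delivery decision described above can be sketched as follows. This is an added example, not Paubox's code: the function names, the route labels "direct" and "secure-portal", and the sample server replies are assumptions made for illustration.

```python
import ssl

# Version strings as returned by ssl.SSLSocket.version() after a handshake.
ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}

def make_client_context() -> ssl.SSLContext:
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def parse_ehlo(response: str) -> set:
    """Return the ESMTP extension keywords advertised in a 250 EHLO reply."""
    keywords = set()
    for line in response.strip().splitlines()[1:]:  # first line only names the server
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            parts = line[4:].split()
            if parts:
                keywords.add(parts[0].upper())
    return keywords

def choose_route(ehlo_response: str, negotiated_version=None) -> str:
    """Hypothetical routing rule: deliver directly only over TLS 1.2 or higher.

    A missing STARTTLS keyword is never answered with cleartext delivery, so a
    reply that lost the keyword on the way still ends in the encrypted fallback.
    """
    if "STARTTLS" not in parse_ehlo(ehlo_response):
        return "secure-portal"   # server cannot accept encrypted email
    if negotiated_version not in ACCEPTED_VERSIONS:
        return "secure-portal"   # handshake failed or used an older protocol
    return "direct"

# Constructed sample replies (not captured from real servers).
MODERN_EHLO = (
    "250-mx.example.test Hello\n"
    "250-SIZE 35882577\n"
    "250-8BITMIME\n"
    "250-STARTTLS\n"
    "250 SMTPUTF8\n"
)
LEGACY_EHLO = "250 mail.legacy.test\n"

if __name__ == "__main__":
    print(choose_route(MODERN_EHLO, "TLSv1.3"))   # TLS-capable server
    print(choose_route(MODERN_EHLO, "TLSv1.1"))   # protocol too old
    print(choose_route(LEGACY_EHLO))              # no STARTTLS offered
```
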

 

Is Paubox end-to-end encrypted?

No. Paubox encrypts email in transit with TLS so it is fully HIPAA compliant and secure, but still arrives directly in the inbox without the need for portals or key exchanges. End-to-end encryption requires extra steps and adds friction that prevents people from accessing their messages. Paubox's approach makes secure communication easier and ensures important information actually reaches the patient or recipient.

End-to-end encryption requires both the sender and the recipient to manage encryption keys or log in to a separate system to read messages. While this method is secure, it also introduces friction and makes it difficult for recipients to access their messages. 

Paubox’s approach is designed to balance strong security with accessibility:

  • TLS encryption in transit protects PHI according to HIPAA requirements

  • Direct-to-inbox delivery keeps communication simple and familiar

  • No portals or key management (as required by end-to-end encryption) reduces friction and ensures important information is received and read