HIPAA & BAA · Secure email
Is Hushmail HIPAA compliant?
Yes. All Hushmail for Healthcare plans include a signed Business Associate Agreement, which you are prompted to sign at signup.
Key facts
- BAA available: Yes, with a signed BAA
- What it takes: Hushmail for Healthcare plans
- Official source: Hushmail for Healthcare, https://www.hushmail.com/plans/healthcare-hipaa-compliant-email (verified 2026-06)
How to use Hushmail in a HIPAA-compliant way
- Choose a Hushmail for Healthcare plan.
- During signup, you will be prompted to sign the included BAA.
- Complete and accept the BAA as part of account setup.
- Configure secure email and web forms for handling PHI.
- Keep the executed BAA on file for your compliance records.
Important caveats
- The BAA is part of the Healthcare plans specifically; general consumer Hushmail is a different offering.
- A BAA covers the vendor relationship but you remain responsible for your own HIPAA configuration and use.
- Feature availability (e-signature, additional forms) varies by plan tier.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Hushmail correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Hushmail.
Frequently asked questions
Does Hushmail sign a BAA?
Yes. Hushmail for Healthcare plans include a signed BAA. A signed BAA must be in place before any PHI is involved.
Is Hushmail HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Hushmail offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Hushmail with PHI?
Confirm that you are on a Hushmail for Healthcare plan: the BAA is part of the Healthcare plans specifically, and general consumer Hushmail is a different offering.