Is Proton Mail HIPAA compliant?
Yes. Proton states it offers BAAs to its users; you request a signed copy from Proton's legal team. BAA availability can depend on your plan, use case, and region.
Key facts
- BAA available: Yes — with a signed BAA
- What it takes: Business plans (request from Proton)
- Official source: Proton for Business — Healthcare / HIPAA — https://proton.me/business/healthcare (verified 2026-06)
How to use Proton Mail in a HIPAA-compliant way
- Subscribe to an appropriate paid Proton for Business plan.
- Review Proton's model BAA at proton.me/legal/baa-model.
- Email legal@proton.ch (subject 'HIPAA BAA') to request a validly signed copy.
- Execute the returned BAA before transmitting PHI.
- Configure Proton services and retain the signed BAA for records.
Important caveats
- Proton's official page says BAAs are offered to its users, but some third-party guides report BAAs are limited to higher business tiers — confirm your specific plan with Proton.
- Free and personal Plus accounts are not appropriate for PHI without a confirmed, signed BAA.
- BAA availability may depend on use case and region.
The bottom line
No software is "HIPAA compliant" on its own. HIPAA compliance is a property of your organization, not a tool. Even with a signed BAA, you remain responsible for configuring Proton Mail correctly, limiting access to PHI, training staff, and maintaining your own safeguards. This page is general information, not legal advice; confirm current terms with Proton Mail.
Frequently asked questions
Does Proton Mail sign a BAA?
Yes, on Business plans (request from Proton). A signed BAA is required before any PHI is involved.
Is Proton Mail HIPAA compliant out of the box?
No software is "HIPAA compliant" by itself. Even when Proton Mail offers a BAA, you are responsible for signing it, configuring the product correctly, restricting access, and maintaining your own administrative, physical, and technical safeguards.
What should I check before using Proton Mail with PHI?
Proton's official page says BAAs are offered to its users, but some third-party guides report BAAs are limited to higher business tiers — confirm your specific plan with Proton.