HIPAA Compliant Solutions

Keeping your network secure can be challenging, but when you add in HIPAA compliance and SOC regulations into the mix it can be difficult to know what tools are right for your environment.

When employees are sending messages to clients and patients, how do you ensure that the emails and data generated remain compliant? We look at some of the top HIPPA compliant software solutions for patient management in 2021.

Here is the list of the best HIPAA compliant solutions:

  1. Files.com EDITOR’S CHOICE A file storage, sharing, and transfer service that is HIPAA compliant. Unlike many file storage services, Files.com supplies customers with a Business Associate Agreement to enforce HIPAA compliance.
  2. RapidFireTools Compliance Manager Geared towards IT departments and MSPs, Compliance Manager focuses on automating compliance documentation, and proactively scanning the network to find HIPAA violations, while offering action steps to get those issues corrected.
  3. GFI FaxMaker An on-premises standalone tool that provides HIPAA compliant internet-based faxes
  4. Sendinc A Microsoft Outlook plugin that encrypts emails, ideal for HIPAA compliance.
  5. Mitel HIPAA-Compliant Phone Systems Mitel’s vast network of data centers and cloud-based applications put them high up on this list.
  6. Doxy.me Telemedicine application that easily allows patients to schedule online appointments with their doctors.
  7. Tiger Connect Telemedicine application that leverages SMS to secure an encrypted connection between doctors and their patients.
  8. Carbonite A cloud-based backup solution that incorporates HIPAA friendly protocols to keep network shares secured and compliant.
  9. Paubox An mail encryption service that provides automatic secure email with zero steps needed from either the sender or the recipient.
  10. RingRx Simple platform that offers a secure faxing, VoIP, chat, and video package for any sized business.
  11. UpDox A clinical focused CRM that blends secure patient communication with access to medical records, internal communication, and payment processing.

The best HIPAA compliant software solutions

1. Files.com (FREE TRIAL)

Files - Users view

Files.com is a file management system. It provides storage space, it also offers an SFTP server to transfer files to other businesses, and it can work as a central shared space for document collaboration.

The Files.com system is a cloud service. In terms of legal responsibility for any loss of data under HIPAA, services such as Files.com present a tricky problem. On the one hand, this is just a storage solution and file handling service – it is a tool and so isn’t responsible for the data of its users much in the way that a filing cabinet or an email system would be. However, data is held on the servers owned by Files.com and so, under HIPAA, the service could be held responsible for the safety of any personal information stored on its premises.

Many service providers claim that HIPAA doesn’t apply to them, thus dodging any responsibility. Unfortunately, this is a short-term fudge in order to win customers and when legal scrutiny is focused on these business relationships, everyone gets fined for non-compliance.

Files.com addresses the issue of co-responsibility for data security. Access controls are provided in the form of encrypted storage and access credentials that integrate two-factor authentication. None of the Files.com technicians are able to break into an account and access the data. So, while Files.com is responsible for the physical statuses of its servers, the customer still holds the reigns in terms of logical access.

Similarly, data in the process of being transferred is protected by encryption and session security. The protection of connections is the responsibility of Files.com and is offered as part of the file management service. However, the decision over where files are sent is entirely the responsibility of the customer.

That shared responsibility for data confidentiality and security is spelled out in a Business Association Agreement (BAA), which is part of the documentation set that is created when a company opens up an account with Files.com. The BAA is worded and structured in full compliance with the requirements of HIPAA, the HITECH Act, and the Omnibus rule that binds those two data protection guidelines together. Any company in the Health sector that uses Files.com will need to show that BAA to a compliance office when undergoing an audit.

The Files.com service is easy to use and creating an account is a straightforward service. You can try the service without obligation before fully committing by taking advantage of the Files.com 7-day free trial.

Core Features:

  • Access controls
  • Encryption in transit
  • Encryption protected storage
  • HIPAA-compliant BAA
  • 7-day free trial


Files.com is our top choice for a HIPAA compliant solution because the Cloud-based service has all of the legal problems of shared responsibility sorted out. Outsourced services create a headache when dealing with personal information in the US Health sector but Files.com has put in place all of the procedures and paperwork to pass any HIPAA compliance audit.

Get 7-day free trial: files.com/signup

OS: Cloud based SaaS

2. RapidFireTools Compliance Manager

RapidFireTools HIPAA Assesment Site screenshot

MSPs may find maintaining HIPAA compliance on their networks a challenge. Even when following best technical practices it can be hard to produce documentation and monitor the network in real-time for any violations. To solve this problem, RapidFireTools has developed Compliance Manager.

Built with network administrators in mind, Compliance Manager takes the lead by automatically generating documentation and proof that your client is maintaining compliance. In addition to documentation, Compliance Manager will scan your network and report back any non-compliance issue it discovers, along with a recommended plan of action.

RapidFireTools Reports List

In the event of an audit, Compliance Manager saves all of your documentation to one place making it easy to respond to any requests an auditor may have. As a network administrator or MSP, this tool takes the headache out of HIPAA and makes it easy to see the value for both you and your client.

You can request a demo of Compliance Manager for free. Pricing for the HIPAA compliance module starts at $199.00 (£159.27) per month, with most additional modules starting at $79 (£63.23) per month.

Core features:

  • Automated compliance documentation.
  • Real-time network scanning.
  • Automatic storage of compliance reports.
  • Non-compliance reports and suggested remediation.
  • Easy to use interfaces across all products.

RapidFireTools Compliance Manager is our top choice for HIPAA system manager because it automates compliance documentation as it enforces security protection. The Compliance Manager is a particularly useful system for managed service providers that also need to generate SLA compliance documentation. The compliance failure detection in the tool is a great guide to areas of the system that need immediate attention.

Download: rapidfiretools.com/products/compliance-manager

3. GFI FaxMaker


If your organization is looking for a secure modern solution to faxing, GFI FaxMaker has you covered. For years GFI has provided a number of tools to the healthcare industry, and now this extends into HIPAA compliance faxing.

GFI FaxMaker provides your organization with a range of new options for sending and receiving PHI and other sensitive information safely, and conveniently. Traditional fax machines may not physically be secured in your office, or may suffer from a hardware failure that can leave your office dead in the water.

FaxMaker encapsulates fax messages and transmits them securely over the internet by integrating with your mail server. FaxMaker can automatically route faxes to a specific mailbox and you can delegate access to that mailbox based on your own security policies. With internet faxing in place you won’t have to worry about faxes sitting out in the open, or manually moving them into a secure location.

FaxMaker can integrate into an Active Directory environment and allow for pre-programmed faxing destinations. This minimizes the margin of error when sending faxes and is the preferred way of sending faxes among most healthcare organizations.

You’ll also have the option to enable send and receive receipts to let you know when your fax has arrived. This same feature can also let you know if a line is busy, or if there were any problems delivering your fax, such as a busy line or connection issue internally.

GFI FaxMaker is available only for Windows Server 2008-2019 environments. The application is incredibly lightweight and easy to manage. The only additional piece of hardware you’ll need to get up and running is a business fax modem. A list of all compatible hardware can be found on their site.

The standalone product for small businesses between 10-49 users can expect to pay $72.00 (£57.58) per user, per year. Larger organizations can expect to pay slightly less per user depending on size.

GFI Faxmaker is available as a free trial to see if internet faxing is right for your business.

Core features:

  • Fax confirmation and receive notifications
  • Lightweight installation and requirements.
  • Compatible with almost all fax modems.
  • Priced competitively with similar products.
  • Allows for programmable one push faxing.
  • Integrates with your existing contact list

4. Sendinc

Sendinc Email composition screenshot

Sendinc is an email encryption tool that enables you to send secure messages right from your email application. When enabled, the program automatically uses military-grade encryption to secure your email so that only the recipient can read it. This is ideal for HIPAA compliance and provides an alternative to faxing PHI between facilities. Sendinc can be deployed as an add-in for Microsoft Outlook, making it lightweight and easy for everyone in the office to use.

Under the settings, you’ll have the option to default all your email as encrypted, or only the messages you choose. Sending an encrypted email is as easy as checking the “Send Secure” button next to your email in Outlook.

One of the best features of Sendinc is that recipients do not need any software on their end to receive encrypted emails. By simply creating a free account and having access to the link, they are able to decrypt and read the message.

Sendinc is an excellent tool if you’re looking to just focus on the email side of HIPAA compliance. Its ease of use and flexibility makes it stand out from other software that requires installation and configuration before use.

You can test out Sendinc for free to secure your emails. Plans start at $48.00 (£38.52) a year for additional features such as increased emails per day, unlimited message retention, and custom message expatriation. Try Sendinc for free.

Core features:

  • 256-bit military-grade encryption.
  • No installation required.
  • Easy to use Outlook plugin.

5. Mitel HIPAA Compliant Phone and Cloud Solutions

Mitel Dashboard

Mitel is a widely known and trusted name in the communication industry, so it’s no surprise that they have an entire cloud-based infrastructure dedicated to serving its customers who must follow HIPAA and SOC regulations.

Mitel ensures any and all voice communications are routed through secure channels that abide by the HIPPA Security Rules. Mitel’s vast network of cloud-based data centers provides peace of mind when it comes to your organization’s uptime, and the ability to effectively communicate across multiple healthcare facilities.

Mitel’s HIPAA services extend across all mediums of communication and encompass tools such as voicemail, live video, email, and instant secure messaging. Mitel is our number one choice not just because of its ease of use, but because Mitel provides a suite of services that cater to many of the challenges that Primary care facilities face.

For organizations that are looking to securely share electronic records with patients, Mitel’s HIPAA based solution allows for you to securely share surveys and other post-discharge tasks with your patients. Mitel’s cloud can manage and automate your Hospital Consumer Assessment of Healthcare Providers and management Systems (HCAHPS) online medical forms right from their servers in secure data centers.

One of the major benefits of having a cloud-based provider is that there are no costly hardware installations or need for ongoing maintenance. Depending on how many employees your organization has, an on-premise solution can get costly fast. Thankfully, Mitel’s cloud base solutions don’t require any additional hardware outside of phones and can operate over your existing PBX or internet lines.

With much of your communications infrastructure offsite, having solid customer support and fast response time is paramount. Upon testing, we found that you can get a hold of a representative right away who will collect your information, and then have a specialist call you back within 15 to 30 minutes.

Mitel’s pricing will vary depending on your organization’s size and needs but you can expect to pay anywhere from $21.00 (£16.80) to $39.00 (£31.20) per user if your office has between 50-100 employees. For the most accurate pricing information, you can contact their support team.

Core features:

  • Cloud and on-premises options for healthcare facilities.
  • Different HIPAA solutions for multiple forms of communication.
  • Available for both VoIP and PBX phone systems.
  • Fast and responsive customer service.
  • A comprehensive multi-channel solution.

6. Doxy.me

doxy_me obtaining patient signature screenshot

Doxy.me is a telemedicine software built with HIPAA compliance at it’s foundation. Doxy.me allows secure communication between patients, providers, and clinics. Each connection is secured with 128-bit encryption to ensure that privacy is always maintained. Communications through Doxy.me are HIPAA, GDPR, and PHIPA compliant.

The practice management system can use special links that are sent to patients by their doctor to establish a connection and consult with their physician in just a few clicks. For people looking to schedule a video conference with their doctor, no account or download is needed. According to a study by Clemson University, Doxy.me was found to be one of the easiest telemedicine apps to use for both patients and medical professionals.

Doctors can use the live chat feature to utilize both text messaging and video conferencing at the same time, making this one of the most flexible telemedicine apps on the market. On the back end, doctors can also view their patient queue to see who has already checked in, and who hasn’t arrived yet. This allows doctors to move their schedule around, and toggle between patient information quickly and efficiently.

Doxy.me’s flexibility extends to both small and large clinics alike by providing a Business Associate Agreement to all of its accounts, even its free version. The clinic plan allows for customized branding, landing pages, and even unique sub-domains. Additional features such as admin control and room access are also available to help manage different facilities needs for secure telecommunications.

With so many other options available, Doxy.me really shines in the medical space where other programs fall short. The attention to detail, security standards, and added features make Doxy.me a solid choice when it comes to choosing a HIPAA compliant video conferencing solution.

You can try Doxy.me for free. There are two levels of their paid plans, Professional which starts at $29.00 (£23.28) and Clinic which starts at $50.00 (£40.13). The Clinic plan does have a one-time setup free of $300.00 (£240.78).

Core features:

  • Easy to use for both doctors and patients.
  • Scalable for both small and large healthcare providers.
  • No accounts or downloads required.
  • No contracts, cancel anytime.
  • Customizable landing pages and branding.

7. Tiger Connect

TigerConnect chat patient doctor screenshot

Tiger Connect is a secure HIPAA compliant secure messaging app that helps bring patients and medical professionals together through the convenience of texting. Traditionally texting is an insecure form of communication, but with Tiger Connect web-based component patients can easily join a telemedicine session from a link via SMS.

This telemedicine service eliminates the back and forth of phone tag and allows patients to view their personal health information or share video and images with their doctor in a safe encrypted environment. With this new level of speed and security, patients no longer have to wait for a follow-up call, or make another commute to a doctor’s office.

Tiger Connect provides a small suite of software tools to enable doctors and physicians to treat their patients with an unmatched level of flexibility. Tiger Connect also provides a secure and familiar platform for doctors and clinicians to communicate with one another and share protected health information internally. See who’s on call, which doctors are currently treating patients, and who is assigned to specific duties and roles right from the Tiger Connect app.

Currently, Tiger Connect does not offer a free download but does have the option to request a demo. Pricing for Tiger Connect starts at $10.00 (£8.04) a month per user.

Core features

  • Ease of use, familiar user interface.
  • Internal office communication between doctors.
  • Role based user organization.
  • For both Android and Apple.

8. Carbonite

Carbonite Backup screenshot

If you’re looking to provide your office with file backups and disaster recovery that is still HIPAA compliant, Carbonite is a great solution.

Carbonite Pro is more appropriate for organizations with 25 or more computers and at least one server. This plan allows for 250 GB of HIPAA compliant storage that can backup individual PCs, external drives, and Network Attached Storage (NAS).

Carbonite Pro comes with a number of features that are particularly useful for HIPAA compliant environments such as protection from accidental deletion, hard drive failures, viruses, and ransomware. Data backed up by Carbonite Pro is protected with 128-bit level encryption.

The Carbonite Server Backup plan is more geared for saving and backing up entire snapshots of server environments. The Safe Server plan has all the same features as Carbonite Pro with the added benefit of having the ability to restore physical and virtual servers to a bare metal server. All data is backed with 128 or 256-bit level encryption offering both data protection in transit and at rest.

Carbonite requires one year to be paid upfront for both plans. Carbonite Pro starts at $287.99 (£231.41) annually. Carbonite Safe Server costs start at $600.00 (£482.12) a year. The Safe Server plan does have a more advanced plan that incorporates 7 years of flexible retention and cloud failover for $1764 (£1417) every year. Check out the Carbonite Backups Plans.

Core features

  • No hassle HIPAA compliant file backups.
  • Flexible options for both endpoints, devices, and servers.
  • 128 and 256-bit encryption.
  • Cloud failover and 7-year data retention.

9. Paubox

Paubox HIPAA Compliant email

Paubox is an email encryption software that works without the use of a login, plugin, or any user interaction whatsoever. This allows your organization to send secure HIPAA emails from their email server without the need for a patient portal or any form of training.

Paubox works by automatically securing your organization’s email traffic with 128/256-bit AES encryption. The email is secured in transit straight to the recipient’s inbox for end-to-end encryption. Paubox requests the mail server to open a TLS connection to accept the secured email. In the rare case that the recipient’s email cannot do this, a link will be delivered to view the message and any attachment in Paubox’s secure web app. Any replies back to the sender are also encrypted.

Paubox is unique in the fact that it requires no interaction with the end-user whatsoever. This eliminates the need for training or additional support tickets in your organization. You can operate Paubox for free but additional features start at $10.00 (£9.15) a month per user. Try Paubox for free.

Core features:

  • No logins, downloads, or training required.
  • Competitive pricing.
  • Supports TLS connection failover.
  • Works with any mail server.

10. RingRx

RingRx Website Screenshot

RingRx focuses on providing a holistic solution to HIPAA compliant communication. Their primary service is providing compliant VoIP services for small to medium-sized clinics. RingRx allows for secure phone calls from both the office and call forwarding to your cell phone. RingRx also includes internet faxing, text messaging, and visual voicemails from its mobile app that’s available for both Android and iPhone.

The pricing model for RingRx is simple and starts at $15.00 (£12.01) a month per user. If you want to take advantage of their other services outside of VoIP, the $19.00 (£15.21) a month plan encompasses texting, web fax, fax number, and voicemail transcription.

RingRx makes its services and pricing structure simple. This ensures small clinics are never paying for what they don’t need while staying in touch and HIPAA compliant. They offer a free trial.

Core features:

  • Simple three-tier pricing.
  • Mobile app for both Android and iPhone.
  • Geared for small to medium-sized clinics.

11. Updox

Updox Patient Portal screenshot

Updox is a certified telehealth solution that functions more like a customer relationship management (CRM) tool. It allows for patient communication via HIPAA compliant secure text, video chat, and VoIP. Updox stands apart from most tools by integrating into a vast network of electronic health record databases that serve over 300,000 users.

Healthcare professionals have the ability to schedule appointments, follow-ups, and appointment reminders all from one dashboard. While most telemedicine platforms focus only on clinics and private practices, Updox has specific tools and core features that cater to the needs of pharmacies as well. Updox can even serve as a payment portal for your clients, allowing you to securely accept credit card transactions within your management system.

Core features such as electronic document signing, electronic fax, and access to the Updox directory. The Updox directory contains over 1.5 million addresses of verified healthcare providers, allowing your office to build out its referral network to better serve your patients.

Prices range from $35 to $65 per user. For the most accurate pricing for your organization, you can request a 30-minute demo of the Updox system.

Core Features:

  • Multi-device support
  • Remote and secure patient communication

Choosing a HIPAA Compliant Software Solution

With so many different tools and solutions to choose from, it’s important to know which ones are built with HIPAA compliance in mind. Whether you’re looking to secure your entire business with Mitel’s cloud solution, or just need to send secure internet faxes with GFI FaxMaker, using the right tool can make all the difference when it comes to protecting your patient’s personal health information.

HIPAA Compliance FAQ

Is Zoom HIPAA compliant in 2020?

Yes. Zoom is HIPAA compliant. This makes it suitable for use by businesses in the health sector. However, the compliant business needs to enter into a business associate agreement with Zoom prior to using the platform and follow HIPAA guidance on secure usage when using Zoom.

What is the best chat voice video API solution for Telehealth?

Check out the following chat apps for Telehealth:

  1. Snap Engage
  2. Lua
  3. DrFirst
  4. OhMD
  5. Q-municate

These are all HIPPA compliant.

What are the three rules of HIPAA?

There are many rules in HIPAA – many more than three. A rule is a set of standards, a little like categories or chapters. There are also more than three rules in the entire HIPAA system. There are three aspects to security safeguards in HIPAA, which are administrative, physical, and technical.

What is the most common HIPAA violation?

The hardest HIPPA violation to control, and therefore the most common, is gossip. Health workers talking about patient circumstances or events surrounding treatment becomes a violation when that information is passed to people who aren’t directly involved in the treatment. Verbal communication outside of the healthcare premises is almost impossible to monitor, prevent, or admit.