Best HIPAA Compliant Solutions

Keeping your network secure can be challenging, but when you add in HIPAA compliance and SOC regulations into the mix it can be difficult to know what tools are right for your environment.

When employees are sending messages to clients and patients, how do you ensure that the emails and data generated remain compliant? We look at some of the top HIPAA compliant software solutions for patient management.

Here is the list of the best HIPAA compliant solutions:

  1. EDITOR’S CHOICE A file storage, sharing, and transfer service that is HIPAA compliant. Unlike many file storage services, supplies customers with a Business Associate Agreement to enforce HIPAA compliance.
  2. ExaVault (FREE TRIAL) This cloud storage package with secure file transfer utilities is delivered with physical and procedural security and provides a BAA for HIPAA compliance.
  3. Perimeter 81 (ACCESS FREE DEMO) This network security service for hybrid systems offers application access control that provides HIPAA-compliant protection and event logging.
  4. Compliance Manager GRC Geared towards IT departments and MSPs, Compliance Manager focuses on automating compliance documentation, and proactively scanning the network to find HIPAA violations, while offering action steps to get those issues corrected.
  5. GFI FaxMaker An on-premises standalone tool that provides HIPAA compliant internet-based faxes
  6. Sendinc A Microsoft Outlook plugin that encrypts emails, ideal for HIPAA compliance.
  7. Mitel HIPAA-Compliant Phone Systems Mitel’s vast network of data centers and cloud-based applications put them high up on this list.
  8. Telemedicine application that easily allows patients to schedule online appointments with their doctors.
  9. Tiger Connect Telemedicine application that leverages SMS to secure an encrypted connection between doctors and their patients.
  10. Carbonite A cloud-based backup solution that incorporates HIPAA friendly protocols to keep network shares secured and compliant.
  11. Paubox An mail encryption service that provides automatic secure email with zero steps needed from either the sender or the recipient.
  12. RingRx Simple platform that offers a secure faxing, VoIP, chat, and video package for any sized business.
  13. UpDox A clinical focused CRM that blends secure patient communication with access to medical records, internal communication, and payment processing.

The best HIPAA compliant software solutions

What should you look for in a HIPAA compliant system for your business? 

We reviewed the market for data management systems that reinforce HIPAA compliance and analyzed tools based on the following criteria:

  • A system that enforces user account requirements for data access
  • Logging that identifies the user responsible for each action on data
  • System security to prevent data theft
  • Behavior analysis to identify account takeover or insider threats
  • Controls for data movement
  • A free trial or a demo package so you can fully examine the service before buying
  • Value for money from a competent service that is fully compliant with HIPAA

With these selection criteria in mind, we looked for reliable systems that will provide good data management functions together with thorough logging and activity tracking functions.


Files - Users view is a file management system. It provides storage space, it also offers an SFTP server to transfer files to other businesses, and it can work as a central shared space for document collaboration.

Key Features:

  • Access Controls: Create user accounts on the platform
  • Encryption in Transit: 2048-bit RSA TLS and SSH options
  • Encryption-Protected Storage: Uses 256-bit AES encryption
  • HIPAA-Compliant: Provides a signed Business Associate Agreement
  • Supports Secure File Transfers: SFTP or HTTPS

Why do we recommend it? is a secure file-sharing and collaboration system. Each user of a subscribing business gets an account space on the platform and then either grants file access to colleagues or sends access invites by email to outsiders. Businesses following HIPAA can get a BAA for compliance.

The system is a cloud service. In terms of legal responsibility for any loss of data under HIPAA, services such as present a tricky problem. On the one hand, this is just a storage solution and file handling service – it is a tool and so isn’t responsible for the data of its users much in the way that a filing cabinet or an email system would be. However, data is held on the servers owned by and so, under HIPAA, the service could be held responsible for the safety of any personal information stored on its premises.

Many service providers claim that HIPAA doesn’t apply to them, thus dodging any responsibility. Unfortunately, this is a short-term fudge in order to win customers and when legal scrutiny is focused on these business relationships, everyone gets fined for non-compliance. addresses the issue of co-responsibility for data security. Access controls are provided in the form of encrypted storage and access credentials that integrate two-factor authentication. None of the technicians are able to break into an account and access the data. So, while is responsible for the physical statuses of its servers, the customer still holds the reigns in terms of logical access.

Similarly, data in the process of being transferred is protected by encryption and session security. The protection of connections is the responsibility of and is offered as part of the file management service. However, the decision over where files are sent is entirely the responsibility of the customer.

That shared responsibility for data confidentiality and security is spelled out in a Business Association Agreement (BAA), which is part of the documentation set that is created when a company opens up an account with The BAA is worded and structured in full compliance with the requirements of HIPAA, the HITECH Act, and the Omnibus rule that binds those two data protection guidelines together. Any company in the Health sector that uses will need to show that BAA to a compliance office when undergoing an audit.

Who is it recommended for? can be the primary file store for a business, for syncing, or for a “store and forward” function. This is a good solution for scattered teams that work out of different branch offices or work from home and also simplifies file access for roaming workers, such as a sales force.


  • Built-in HIPAA Management Tools: Provides auditing, access control, and encryption
  • Scalable Solution: Suitable for both small businesses and enterprises alike
  • Users Control Access: Invite others to view or edit documents
  • Link Invite for Access by Outsiders: Access rights can be set to expire or revoked
  • Integrations into Other Cloud-Based Storage Options: Connects to Dropbox, Google Drive, and OneDrive


  • 7-day Free Trial: Would like to see a longer trial period

The service is easy to use and creating an account is a straightforward service. You can try the service without obligation before fully committing by taking advantage of the 7-day free trial.

EDITOR'S CHOICE is our top choice for a HIPAA compliant solution because the Cloud-based service has all of the legal problems of shared responsibility sorted out. Outsourced services create a headache when dealing with personal information in the US Health sector but has put in place all of the procedures and paperwork to pass any HIPAA compliance audit.

Get 7-day free trial:

OS: Cloud based SaaS

2. ExaVault (FREE TRIAL)


ExaVault is a cloud service that provides a file server and secure file transfer utilities. The system is delivered from owned hardware housed in secure locations that are ISO 27001 certified and SOC 2 Type 1 and 2 compliant. These security attributes are exactly what you need if you need to enforce strong data security for HIPAA compliance.

Key Features:

  • A Secure Cloud File Server: A SaaS package
  • User Controls: Link-based access invites
  • Activity Logging: File access monitoring
  • HIPAA Compliant: Provides a Business Associate Agreement

Why do we recommend it?

ExaVault is a similar service to; it is a file storage and access sharing system. As sensitive files can be stored on the platform, the host has shared responsibility for data security. The security of the file servers follows the required standards and a BAA for HIPAA is available.

HIPAA requires you to demonstrate that you have declared all data leak events or that there haven’t been any. This proof can only be provided by extensive activity logging. The ExaVault system keeps all of your files on its servers and logs all access events.

Accountability is enhanced by the removal of the need to send out copies of files. Instead of transferring or emailing files, the business users of the ExaVault system can email out a link for access. This method can also be used for internal collaboration and file sharing. The user can limit access to others so that they only have read-only permission. All activity is subject to logging and the administrator can revoke access rights in an emergency.

Who is it recommended for?

You need to get the top plan in order to have the BAA, so you should be certain that you need a BAA and the other extra features of that plan before opting for ExaVault. The package is a good service for businesses with multiple sites and remote workers.


  • Secure Transfer Protocols: Receives files via SFTP and FTPS for distribution
  • Control Over Files: Users get individual file spaces
  • Access Security: Options for multi-factor authentication on user accounts
  • Process Automation: Connect to Webhooks


  • No Free Tier: A free trial is available, however

There are four plan levels for ExaVault and the highest edition, called Enterprise, offers a Business Associate Agreement (BAA), which is what businesses following HIPAA standards need to spread the legal responsibility for the storage of sensitive data. You can assess ExaVault with a 30-day free trial. Download 30-day FREE Trial

3. Perimeter 81 (ACCESS FREE DEMO)

Perimeter 81 SASE desktop

Perimeter 81 offers a combination of access controls and connection protection. This is a new form of network security for hybrid systems, so you can create access rights per user that relate to individual users and their permissions for each resource. The concept here is that each resource is isolated and requires a separate login but that access event is automated by single sign-on systems.

Key Features:

  • Connection Encryption: Implemented with VPNs
  • Access Rights Management: Integrated ARM
  • Access Event Logging: Can feed into a SIEM

Why do we recommend it?

Perimeter 81 is a platform of connection security tools that can implement Zero Trust Access (ZTA) or virtual networks, such as SASE or SD-WAN. Tools include user access rights management, which is an essential requirement for HIPAA compliance. The system is also useful for complying with PCI DSS and other data security standards.

The services of Perimeter 81 are all designed to provide HIPAA compliance. Each plan is like a toolkit and you decide how to slot together each element to create your own bespoke security solution. The system allows you to create security policies that can pile on extra scrutiny for PHI stores.

Who is it recommended for?

This is a useful security system for businesses that provide users with cloud services as well as on-premises systems. It is also good for organizations that operate virtual offices and have a lot of work-from-home or roaming workers. You don’t need network or security expertise in order to use this system.


  • Customizable Security Policies: Suitable for hybrid networks
  • Unify Sites: Create a single virtual network that covers all sites
  • Cloud Firewall: Improve system security for multiple sites and cloud platforms


  • No BAA: Use your own file server to get around that problem

Perimeter 81 is a SaaS service that is charged on a subscription rate per user, which is great for scalability. Request a demo to see how the Perimeter 81 system works

Perimeter 81 Access FREE Demo

4. Compliance Manager GRC

RapidFireTools HIPAA Assesment Site screenshot

MSPs may find maintaining HIPAA compliance on their networks a challenge. Even when following best technical practices it can be hard to produce documentation and monitor the network in real-time for any violations. To solve this problem, RapidFireTools has developed Compliance Manager.

Key Features:

  • Automated Compliance Documentation: Storage of compliance reports
  • Multiple Standards Compliance: Manage several standards simultaneously
  • Non-Compliance Reports: Provides remediation suggestions

Why do we recommend it?

Compliance Manager GRC manages the process of getting a system into compliance with HIPAA, PCI DSS, GDPR, NIST CSF, CIS CFC, CMMC, NY DFS, Cyber Insurance, and Cyber Essentials. The tool provides a risk assessment and then recommends steps to get compliant. It also verifies systems and generates compliance reporting.

Built with network administrators in mind, Compliance Manager takes the lead by automatically generating documentation and proof that your client is maintaining compliance. In addition to documentation, Compliance Manager will scan your network and report back any non-compliance issue it discovers, along with a recommended plan of action.

RapidFireTools Reports List

In the event of an audit, Compliance Manager saves all of your documentation to one place making it easy to respond to any requests an auditor may have. As a network administrator or MSP, this tool takes the headache out of HIPAA and makes it easy to see the value for both you and your client.

Who is it recommended for?

Any business that does business with the general public in Europe, takes payment by credit or debit cards, or is involved in the US Health sector will need to prove compliance with a data protection standard. This tool is a good choice for those companies but is particularly beneficial for any company that doesn’t have a GRC officer.


  • Caters to Larger Organizations: Also good for managed service providers
  • Compliance Scores: Gives a number that indicates progress toward compliance
  • Automated Compliance Scans:  Covers user accounts, endpoint configurations and network protocols


  • No Free Trial: Access a demo

You can request a demo of Compliance Manager for free. Pricing for the HIPAA compliance module starts at $199.00 (£159.27) per month, with most additional modules starting at $79 (£63.23) per month.

Compliance Manager GRC automates compliance documentation as it enforces security protection. The Compliance Manager is a particularly useful system for managed service providers that also need to generate SLA compliance documentation. The compliance failure detection in the tool is a great guide to areas of the system that need immediate attention.


5. GFI FaxMaker


If your organization is looking for a secure modern solution to faxing, GFI FaxMaker has you covered. For years GFI has provided a number of tools to the healthcare industry, and now this extends into HIPAA compliance faxing.

Key Features:

  • Fax Confirmation: Receive notifications
  • Widely Compatible: Interfaces with almost all fax modems
  • Programmable: Allows for one push faxing

Why do we recommend it?

GFI FaxMaker is a protection system for faxes. If you still rely on faxes for your business, you can send and receive them with endpoints rather than fax machines. The package imposes encryption on transmissions to secure sensitive information and ensure compliance with HIPAA and other data protection standards.

GFI FaxMaker provides your organization with a range of new options for sending and receiving PHI and other sensitive information safely, and conveniently. Traditional fax machines may not physically be secured in your office, or may suffer from a hardware failure that can leave your office dead in the water.

FaxMaker encapsulates fax messages and transmits them securely over the internet by integrating with your mail server. FaxMaker can automatically route faxes to a specific mailbox and you can delegate access to that mailbox based on your own security policies. With internet faxing in place you won’t have to worry about faxes sitting out in the open, or manually moving them into a secure location.

FaxMaker can integrate into an Active Directory environment and allow for pre-programmed faxing destinations. This minimizes the margin of error when sending faxes and is the preferred way of sending faxes among most healthcare organizations.

You’ll also have the option to enable send and receive receipts to let you know when your fax has arrived. This same feature can also let you know if a line is busy, or if there were any problems delivering your fax, such as a busy line or connection issue internally.

GFI FaxMaker is available only for Windows Server 2008-2019 environments. The application is incredibly lightweight and easy to manage. The only additional piece of hardware you’ll need to get up and running is a business fax modem. A list of all compatible hardware can be found on their site.

Who is it recommended for?

This tool provides the ability to create a protected account for fax management instead of leaving them on a machine in the office. Paper documents can be legally stored in digital format, so there is no need to hold fazes on paper – they are not the original documents anyway.


  • Modernizes Fax Formats and Faxing Procedures: Implements HIPAA compliance
  • Access Controls: Limit the service to specific user accounts
  • Volume-Based Pricing: Discounts are available


  • Focuses Solely on Faxing: You will need to buy another package to provide compliance to your other systems

The standalone product for small businesses between 10-49 users can expect to pay $72.00 (£57.58) per user, per year. Larger organizations can expect to pay slightly less per user depending on size.

GFI Faxmaker is available as a free trial to see if internet faxing is right for your business.

6. Sendinc

Sendinc Email composition screenshot

Sendinc is an email encryption tool that enables you to send secure messages right from your email application. When enabled, the program automatically uses military-grade encryption to secure your email so that only the recipient can read it. This is ideal for HIPAA compliance and provides an alternative to faxing PHI between facilities. Sendinc can be deployed as an add-in for Microsoft Outlook, making it lightweight and easy for everyone in the office to use.

Key Features:

  • Choice of Encryption Systems: TLS or PGP
  • No Installation Required: This is a cloud-based service
  • Easy to Use Outlook Plugin: Provides end-to-end encryption

Why do we recommend it?

Sendinc provides security for emails. This tool, or one like it is important for compliance with HIPAA in which companies holding and using health-related data need to ensure that it is not stolen or misused. Email systems can be a weak link in the chain of data protection

Under the settings, you’ll have the option to default all your email as encrypted, or only the messages you choose. Sending an encrypted email is as easy as checking the “Send Secure” button next to your email in Outlook.

One of the best features of Sendinc is that recipients do not need any software on their end to receive encrypted emails. By simply creating a free account and having access to the link, they are able to decrypt and read the message.

Sendinc is an excellent tool if you’re looking to just focus on the email side of HIPAA compliance. Its ease of use and flexibility makes it stand out from other software that requires installation and configuration before use.

Who is it recommended for?

Any business that needs to comply with HIPAA, PCI DSS, GLBA, GDPR, or SOX would benefit from this email protection tool. The system is particularly well organized for protecting the Mocrosft combination of Outlook and Exchange Server. This system is easy to implement through a plug-in.


  • A Mail App: Allows users to encrypt emails
  • User can Define Default Encryption System: Can be overridden for individual emails
  • Recipients Do Not Need Special Software to Decrypt Messages: They get directed to sign up for the free Sendinc service


  • Focuses Solely on Email Encryption: You will need to buy other systems to make your enterprise HIPAA compliant

You can test out Sendinc for free to secure your emails. Plans start at $48.00 (£38.52) a year for additional features such as increased emails per day, unlimited message retention, and custom message expatriation. Try Sendinc for free.

7. Mitel HIPAA Compliant Phone and Cloud Solutions

Mitel Dashboard

Mitel is a widely known and trusted name in the communication industry, so it’s no surprise that they have an entire cloud-based infrastructure dedicated to serving its customers who must follow HIPAA and SOC regulations.

Key Features:

  • Deployment Options: Cloud and on-premises options for healthcare facilities
  • Platform-Specific Tools: Different HIPAA solutions for multiple forms of communication
  • Digital Telephone Exchange Systems: Available for both VoIP and PBX

Why do we recommend it?

Mitel HIPAA compliant phone and cloud solutions provide cost-effective VoIP telephone systems for the healthcare sector as part of the global Mitel telecommunication and call center services. The company provides managed telecommunication systems for a variety of sectors, including Healthcare and its security is HIPAA compliant.

Mitel ensures any and all voice communications are routed through secure channels that abide by the HIPAA Security Rules. Mitel’s vast network of cloud-based data centers provides peace of mind when it comes to your organization’s uptime, and the ability to effectively communicate across multiple healthcare facilities.

Mitel’s HIPAA services extend across all mediums of communication and encompass tools such as voicemail, live video, email, and instant secure messaging. Mitel is our number one choice not just because of its ease of use, but because Mitel provides a suite of services that cater to many of the challenges that Primary care facilities face.

For organizations that are looking to securely share electronic records with patients, Mitel’s HIPAA based solution allows for you to securely share surveys and other post-discharge tasks with your patients. Mitel’s cloud can manage and automate your Hospital Consumer Assessment of Healthcare Providers and management Systems (HCAHPS) online medical forms right from their servers in secure data centers.

One of the major benefits of having a cloud-based provider is that there are no costly hardware installations or need for ongoing maintenance. Depending on how many employees your organization has, an on-premise solution can get costly fast. Thankfully, Mitel’s cloud base solutions don’t require any additional hardware outside of phones and can operate over your existing PBX or internet lines.

With much of your communications infrastructure offsite, having solid customer support and fast response time is paramount. Upon testing, we found that you can get a hold of a representative right away who will collect your information, and then have a specialist call you back within 15 to 30 minutes.

Who is it recommended for?

Mitel doesn’t just provide phone systems for the Healthcare sector and it doesn’t just operate in the USA. However, if your business is in US healthcare, you will need a secure communications system that complies with HIPAA. Companies need to be careful about the security of systems such as voicemail and transcription systems.


  • Security Controls: Administrators can enforce encryption for all calls
  • HIPAA-Compliant Security: Voicemail, email, instant messaging, and live video sessions
  • Automation: Secure post-discharge forms and automated tasks


  • Console Shortfalls: Does not include robust HIPAA auditing or monitoring tools

Mitel’s pricing will vary depending on your organization’s size and needs but you can expect to pay anywhere from $21.00 (£16.80) to $39.00 (£31.20) per user if your office has between 50-100 employees. For the most accurate pricing information, you can contact their support team.


doxy_me obtaining patient signature screenshot is a tele-medicine software built with HIPAA compliance at it’s foundation. allows secure communication between patients, providers, and clinics. Each connection is secured with 128-bit encryption to ensure that privacy is always maintained. Communications through are HIPAA, GDPR, and PHIPA compliant.

Key Features:

  • Easy to Use: For both doctors and patients
  • Scalable: For both small and large healthcare providers
  • No Accounts or Downloads Required: No contracts, cancel anytime

Why do we recommend it? provides a secure video chat system for use by medical practitioners when providing consultations for their patients. The system also allows collaboration between one consultant and several members of the public and it is also possible for multiple consultants to chat with a single patient or with each other.

The practice management system can use special links that are sent to patients by their doctor to establish a connection and consult with their physician in just a few clicks. For people looking to schedule a video conference with their doctor, no account or download is needed. According to a study by Clemson University, was found to be one of the easiest tele-medicine apps to use for both patients and medical professionals.

Doctors can use the live chat feature to utilize both text messaging and video conferencing at the same time, making this one of the most flexible tele-medicine apps on the market. On the back end, doctors can also view their patient queue to see who has already checked in, and who hasn’t arrived yet. This allows doctors to move their schedule around, and toggle between patient information quickly and efficiently.’s flexibility extends to both small and large clinics alike by providing a Business Associate Agreement to all of its accounts, even its free version. The clinic plan allows for customized branding, landing pages, and even unique sub-domains. Additional features such as admin control and room access are also available to help manage different facilities needs for secure telecommunications.

With so many other options available, really shines in the medical space where other programs fall short. The attention to detail, security standards, and added features make a solid choice when it comes to choosing a HIPAA compliant video conferencing solution.

Who is it recommended for?

This service is useful for any medical practice, clinic, or hospital. There is a Free edition available, so budget should not be a bar to usage. The interface allows the transmission and storage of documents, which could create a problem with HIPAA. However, will provide a BAA to cover this.


  • Marketing Assistance: Customizable landing pages and branding
  • Secure Connections: Links patients and caregivers
  • HIPAA Compliant: Meets standards requirements


  • No HIPAA-Compliance Auditing: Compliance monitoring is a little lacking

You can try for free. There are two levels of their paid plans, Professional which starts at $29.00 (£23.28) and Clinic which starts at $50.00 (£40.13). The Clinic plan does have a one-time setup free of $300.00 (£240.78).

9. Tiger Connect

TigerConnect chat patient doctor screenshot

Tiger Connect is a secure HIPAA compliant secure messaging app that helps bring patients and medical professionals together through the convenience of texting. Traditionally texting is an insecure form of communication, but with Tiger Connect web-based component patients can easily join a tele-medicine session from a link via SMS.

Key Features:

  • Collaboration Features: Internal office communication between doctors
  • Role-Based Permissions: Simplifies user management
  • Mobile App: For both Android and iOS

Why do we recommend it?

Tiger Connect is a collaboration and messaging system that provides its own messaging apps and ties together external medical systems through an orchestration strategy. This enables the system to securely manage the flow of data on medical sites. The platform’s security measures make it HIPAA compliant.

This tele-medicine service eliminates the back and forth of phone tag and allows patients to view their personal health information or share video and images with their doctor in a safe encrypted environment. With this new level of speed and security, patients no longer have to wait for a follow-up call, or make another commute to a doctor’s office.

Tiger Connect provides a small suite of software tools to enable doctors and physicians to treat their patients with an unmatched level of flexibility. Tiger Connect also provides a secure and familiar platform for doctors and clinicians to communicate with one another and share protected health information internally. See who’s on call, which doctors are currently treating patients, and who is assigned to specific duties and roles right from the Tiger Connect app.

Who is it recommended for?

This tool is geared more toward supporting activities on healthcare premises than sharing information with secondary collaborators, such as health insurance providers. This platform operates a blend of technologies, which include messaging systems and workflow orchestration. All connections between people and between applications are protected by authentication and encryption.


  • Text Messaging: Provides secure communications
  • Connection Optimization: Eliminate phone lag
  • Live Schedule Manager: Doctors can see who’s on call, and which staff are treating which patients


  • No Free Trial: You can get a demo

Currently, Tiger Connect does not offer a free download but does have the option to request a demo. Pricing for Tiger Connect starts at $10.00 (£8.04) a month per user.

10. Carbonite

Carbonite Backup screenshot

If you’re looking to provide your office with file backups and disaster recovery that is still HIPAA compliant, Carbonite is a great solution.

Key Features:

  • HIPAA-Compliant File Backups: Operates constantly in the background
  • Cross-Platform Operations: Covers workstations, devices, and servers
  • Encryption Strength Choices: AES with a 128-bit key or a 256-bit key

Why do we recommend it?

Carbonite provides a range of backup and recovery products. The plans that include file storage on Carbonite servers have legal implications for HIPAA because the managers of sensitive data are also liable for prosecution if their external storage provider fails to secure data against theft or misuse. Carbonite provides a BAA to cover this situation.

Carbonite Pro is more appropriate for organizations with 25 or more computers and at least one server. This plan allows for 250 GB of HIPAA compliant storage that can backup individual PCs, external drives, and Network Attached Storage (NAS).

Carbonite Pro comes with a number of features that are particularly useful for HIPAA compliant environments such as protection from accidental deletion, hard drive failures, viruses, and ransomware. Data backed up by Carbonite Pro is protected with 128-bit level encryption.

The Carbonite Server Backup plan is more geared for saving and backing up entire snapshots of server environments. The Safe Server plan has all the same features as Carbonite Pro with the added benefit of having the ability to restore physical and virtual servers to a bare metal server. All data is backed with 128 or 256-bit level encryption offering both data protection in transit and at rest.

Who is it recommended for?

Data backup is an essential requirement for any business that stores data and in the case of healthcare data management, any platform or service provider that has any involvement with the storage of that data needs to prove compliance. So, the security measures and BAA of Carbonite make this a suitable PHI backup solution.


  • Offers Protection for Accidental Deletion: Restore lost files
  • Supports Network-Level Backups: Store repositories centrally
  • Cloud Failover: Replication of on-premises repositories


  • No Free Trial: Only a webinar to demonstrate Carbonite

Carbonite requires one year to be paid upfront for both plans. Carbonite Pro starts at $287.99 (£231.41) annually. Carbonite Safe Server costs start at $600.00 (£482.12) a year. The Safe Server plan does have a more advanced plan that incorporates 7 years of flexible retention and cloud fail-over for $1764 (£1417) every year. Check out the Carbonite Backups Plans.

11. Paubox

Paubox HIPAA Compliant email

Paubox is an email encryption software that works without the use of a login, plugin, or any user interaction whatsoever. This allows your organization to send secure HIPAA emails from their email server without the need for a patient portal or any form of training.

Key Features:

  • No Logins, Downloads, or Training Required: Operates through a change to system settings
  • Online Forms: Includes a form creator
  • Works with Any Mail Server: Also integrates with Salesforce CRM

Why do we recommend it?

Paubox competes with the Sendinc system because this is an email security service. The tool is also able to deliver secure appointment calendars and contact forms. The system is fully HIPAA compliant and is specifically designed for use by Healthcare providers. Paubox will issue a BAA for HIPAA compliance.

Paubox works by automatically securing your organization’s email traffic with 128/256-bit AES encryption. The email is secured in transit straight to the recipient’s inbox for end-to-end encryption. Paubox requests the mail server to open a TLS connection to accept the secured email. In the rare case that the recipient’s email cannot do this, a link will be delivered to view the message and any attachment in Paubox’s secure web app. Any replies back to the sender are also encrypted.

Who is it recommended for?

This tool is suitable for any healthcare provider. The minimum number of users for the service is five. You can use the tool to communicate with patients and also with other healthcare facilities. The tool supports the secure appointment scheduling and internal communications of any medical establishment.


  • A Spam Filter for Inbound Emails: A data loss prevention scanner for outbound emails
  • Automatically Secures Emails: Protects against malware
  • A Failover Mechanism: Sends a link to the encrypted message


  • Focuses Solely on Securing Email Messages: You will need to buy other packages for system-wide HIPAA compliance

Paubox is unique in the fact that it requires no interaction with the end-user whatsoever. This eliminates the need for training or additional support tickets in your organization. You can operate Paubox for free but additional features start at $10.00 (£9.15) a month per user. Try Paubox for free.

12. RingRx

RingRx Website Screenshot

RingRx focuses on providing a holistic solution to HIPAA compliant communication. Their primary service is providing compliant VoIP services for small to medium-sized clinics. RingRx allows for secure phone calls from both the office and call forwarding to your cell phone. RingRx also includes internet faxing, text messaging, and visual voicemails from its mobile app that’s available for both Android and iPhone.

Key Features:

  • HIPAA-Compliant VoIP System: Includes text messaging, and voicemail services
  • Suitable for All Sizes of Practices: Simple three-tier pricing.
  • Mobile App: For both Android and iOS

Why do we recommend it?

RingRx is a secure IP telephony solution that is HIPAA compliant. The service offers a contactable telephone number to each subscriber and higher plans additionally provide a fax number. The service is packaged per user so you can have many telephone numbers on this system for your practice by signing up for multiple user accounts.

The pricing model for RingRx is simple and starts at $15.00 (£12.01) a month per user. If you want to take advantage of their other services outside of VoIP, the $19.00 (£15.21) a month plan encompasses texting, web fax, fax number, and voicemail transcription.

Who is it recommended for?

This package is recommended for any healthcare provider. However, large organizations should, perhaps weigh up the cost of a regular telephone system against this tool for internal call traffic and see which provides better value. This service could be reserved for use for external communication.


  • Voicemail Inboxes: Includes automatic message transcription
  • Call Routing: Can send calls to mobile devices
  • A Signed Business Associate Agreement: Necessary for HIPAA compliance


  • Per User Pricing: No bulk deal for large companies

RingRx makes its services and pricing structure simple. This ensures small clinics are never paying for what they don’t need while staying in touch and HIPAA compliant. They offer a free trial.

13. Updox

Updox Patient Portal screenshot

Updox is a certified tele-health solution that functions more like a customer relationship management (CRM) tool. It allows for patient communication via HIPAA compliant secure text, video chat, and VoIP. Updox stands apart from most tools by integrating into a vast network of electronic health record databases that serve over 300,000 users.

Key Features:

  • Multi-Device Support: Desktop and mobile apps, and also an actual phone
  • Remote and Secure Patient Communication: Reaches out to phones outside the clinic
  • Offers CRM Functionality: Within HIPAA compliance requirements

Why do we recommend it?

Updox provides a secure video chat system for virtual consultations between doctors and patients. Other features in the system include secure web forms, appointment scheduling, and a patient self-service portal. A second plan is designed for healthcare administrators. All of these systems include fully secure access and sharing of electronic health records (EHR).

Healthcare professionals have the ability to schedule appointments, follow-ups, and appointment reminders all from one dashboard. While most tele-medicine platforms focus only on clinics and private practices, Updox has specific tools and core features that cater to the needs of pharmacies as well. Updox can even serve as a payment portal for your clients, allowing you to securely accept credit card transactions within your management system.

Core features such as electronic document signing, electronic fax, and access to the Updox directory. The Updox directory contains over 1.5 million addresses of verified healthcare providers, allowing your office to build out its referral network to better serve your patients.

Who is it recommended for?

This system is useful for frontline clinics that deal with members of the public on a daily basis. The patient communication and practice admin editions can be subscribed to in a joining plan for a discount. You don’t get a new telephone number with this system, so this tool is good for those who don’t want to have to switch numbers.


  • Secure VoIP System: Provides calls, text messaging, and video chat communications
  • Appointment Diary: Allows staff to set follow-up appointments and reminders in one place
  • Document Validation: Supports electronic document signing


  • Doesn’t Cover Emails or Faxes: You will need to buy additional systems

Prices range from $35 to $65 per user. For the most accurate pricing for your organization, you can request a 30-minute demo of the Updox system.

Choosing a HIPAA Compliant Software Solution

With so many different tools and solutions to choose from, it’s important to know which ones are built with HIPAA compliance in mind. Whether you’re looking to secure your entire business with Mitel’s cloud solution, or just need to send secure internet faxes with GFI FaxMaker, using the right tool can make all the difference when it comes to protecting your patient’s personal health information.

HIPAA Compliance FAQ

Is Zoom HIPAA compliant in 2020?

Yes. Zoom is HIPAA compliant. This makes it suitable for use by businesses in the health sector. However, the compliant business needs to enter into a business associate agreement with Zoom prior to using the platform and follow HIPAA guidance on secure usage when using Zoom.

What is the best chat voice video API solution for Telehealth?

Check out the following chat apps for Telehealth:

  1. Snap Engage
  2. Lua
  3. DrFirst
  4. OhMD
  5. Q-municate

These are all HIPPA compliant.

What are the three rules of HIPAA?

There are many rules in HIPAA – many more than three. A rule is a set of standards, a little like categories or chapters. There are also more than three rules in the entire HIPAA system. There are three aspects to security safeguards in HIPAA, which are administrative, physical, and technical.

What is the most common HIPAA violation?

The hardest HIPPA violation to control, and therefore the most common, is gossip. Health workers talking about patient circumstances or events surrounding treatment becomes a violation when that information is passed to people who aren’t directly involved in the treatment. Verbal communication outside of the healthcare premises is almost impossible to monitor, prevent, or admit.