We've been reaching out to dental practices in our backyard of San Francisco recently and we've run across a number of them using CarrierZone for their email service. CarrierZone has been around for a long time, as you can see from their outdated copyright notice at the bottom of their website: © carrierzone.com 1999-2005 If a dental practice is using CarrierZone for their email service and they list that email address on their website, the question naturally arises: Does Carrier Zone offer HIPAA Compliant Email?
CarrierZone and the Business Associate Agreement
We’ve covered in previous posts that a Business Associate Agreement is a written contract between a covered entity and a Business Associate. It is required by law for HIPAA compliant email. We searched the carrierzone.com website high and low for any mention of HIPAA, HIPAA Compliance, or Business Associate Agreement. As you can see from the screenshot below, CarrierZone makes no mention of HIPAA anywhere on their website. This is not a good sign if you need HIPAA compliant email protection.
Is CarrierZone Email Encrypted?
The CarrierZone website is terribly outdated. We could not find any information regarding whether or not they offer an encrypted email service. In fact, we couldn't even find a phone number or a way to contact them for support or new inquiries. The only address they made available was to report spam abuse, email@example.com. We then took a deeper look at their email infrastructure. We discovered their email servers do not support email transit encryption.
Conclusion: Is CarrierZone HIPAA compliant?
CarrierZone gets failing grades on multiple fronts an a HIPAA compliant email provider. First, they make no mention of HIPAA compliance or whether they will sign a Business Associate Agreement with customers. Second, their entire email infrastructure sends and receives email in unencrypted format. Another big no-no for HIPAA compliance. Lastly, no phone number listed for sales or tech support and no other way to contact them other than firstname.lastname@example.org.
Without any mention of HIPAA on their website, along with their use of an unencrypted email system and no way to contact them, we are left to conclude that CarrierZone is not a HIPAA compliant email provider.