Talk to sales
Start for free

We’ve been seeing more customers and prospects asking their vendors if they have HITRUST CSF certification. In fact, we are seeing a trend of larger healthcare organizations requiring their vendors to have HITRUST CSF certification in order to do business. HITRUST is a standards development organization that was founded in 2007. It develops and maintains a healthcare compliance framework called the HITRUST CSF. In this post, we will determine whether we ourselves at Paubox are HITRUST CSF certified or not.

See Also: What is HITRUST CSF Certification?



Paubox is for healthcare organizations that are looking to remove friction from their HIPAA Compliant Email communications. Paubox is a cloud-based, B2B SaaS solution that provides a seamless user experience for both senders and recipients of secure, compliant email. Unlike incumbent solutions that force recipients to login to a portal to read a secure message, Paubox allows the recipient to read a secure, compliant email in their inbox, just like a normal message. Paubox launched in 2015 and currently have over 2,000 customers in all 50 states and 12 countries. The company is headquartered in San Francisco and has a second office in Lehi, Utah.


Paubox and HITRUST

Although there isn’t a formal HIPAA certification issued by the U.S. Department of Health and Human Services ( HHS), HITRUST CSF certification is widely regarding as the closest thing to it. In other words, HITRUST CSF is the gold standard of security certifications in healthcare. A cursory glance at our homepage reveals that our HITRUST CSF Letter of Certification is listed in the footer menu of every page.


Is Paubox HITRUST CSF Certified?

On 7 February 2019, we announced in a blog post that we earned our initial HITRUST CSF certification. In that post, we noted the following Paubox solutions are powered by HITRUST CSF certified technology:


It should be noted however, HITRUST certifies scopes and products, not entire organizations. Mike Parisi, Vice President, Assurance Strategy & Community Development at HITRUST, succinctly describes the difference: “Organizations are not [HITRUST CSF] certified. Scopes are certified.”

Conclusion: Yes, all Paubox products are HITRUST CSF certified.



Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.


Try Paubox Email Suite for FREE today.

Start a 14-day free trial of Paubox Email Suite today