Product names don't get much simpler than Private Email, a "web-based business hosting solution." But as we've learned, the definition of "private" can vary, especially for covered entities trying to comply with the HIPAA Privacy Rule. Private Email promises "everything you need for simple and secure web-based email hosting wrapped in a fast, lightweight interface." But can they deliver for healthcare?
Who is Private Email?
How does Namecheap Private Email work?
While the Namecheap site provides a lot of information on the many features and settings available to Namecheap Private Email customers, none of it mentions privacy or security. The company has published a support article, "What is Namecheap Private Email," which notes that it is powered by Open-Xchange, "cloud-based open-source collaboration software." Open-Xchange can be downloaded and installed for free, and in fact, it provides a product called OX Cloud specifically to companies like Namecheap, with features that can be resold as "premium features." Notably, Open-Xchange email is not encrypted by default. There is an add-on called OX Guard that uses the PGP standard, but PGP has its flaws. And Namecheap's implementation does not appear to include it, anyway.
Is Private Email HIPAA compliant?
Private Email is just a subsidiary brand of Namecheap, which is using freely available software to provide email hosting. And despite the word "private," there appear to be no particular features related to email security, including encryption. Not surprisingly, there is also no mention of HIPAA or a business associate agreement. We are quite confident in determining that Namecheap Private Email is not a HIPAA compliant email provider.