LegitScript launched the Compliance Collective on June 23, 2026, and Paubox is one of three founding partners. Paubox covers HIPAA compliant email security in the program, joining Clym for web accessibility and privacy and Vouched for patient identity verification.

The Compliance Collective is a curated vendor program that connects LegitScript-certified healthcare businesses with tools for the compliance work that comes after certification. LegitScript built it in direct response to client feedback, according to the company's launch announcement.

What the Compliance Collective is

LegitScript Certification shows that a business meets the standards to operate and advertise legitimately online. For most healthcare operators, that certification is one piece of a larger compliance picture.

Web accessibility, email security, HIPAA compliance, and patient identity verification are all areas where a gap can turn into regulatory and reputational risk. The Compliance Collective gives LegitScript-certified clients a short list of vetted vendors that cover those areas, so they are not starting from scratch when they go looking for tools.

The program launches with three founding partners, each mapped to a compliance area LegitScript most often sees its clients navigating:

  • Clym covers web accessibility and privacy compliance.
  • Paubox covers HIPAA compliant email security.
  • Vouched covers patient identity verification for healthcare and telehealth.

How LegitScript chose its partners

Partners in the Compliance Collective are selected, not sponsored. A vendor cannot buy its way in.

LegitScript evaluated each partner against three criteria:

  • healthcare compliance alignment
  • operational track record
  • fit with the needs of its certified client base

That selection model is the reason the list is short, and it is what makes a spot in the program a signal rather than an ad.

Jaylene Kunze, Chief Operating and Financial Officer at LegitScript, framed the program this way: “Certification is where compliance begins, not where it ends. Our clients operate in some of the most highly regulated industries in the world. They need solutions designed to manage risk, protect consumers, and build trust.”

Why email security earned a spot

For any organization that handles protected health information (PHI), email is one of the most common places that data gets exposed. A single message sent without encryption can become a reportable breach.

Email is where a lot of risk lives, which is why it sits alongside accessibility and identity verification as a compliance area LegitScript-certified clients have to account for.

Certification does not secure the inbox. That is the gap email security fills, and it is why the category made the founding list.

What Paubox brings to the program

Paubox is the leading provider of HIPAA compliant email security for healthcare, trusted by more than 8,000 organizations including Cost Plus Drugs, Rippling, and Covenant Health.

Paubox works with the email platform a healthcare team already uses. Every outbound email is encrypted by default, with no portals, passwords, or plugins for the recipient. On the inbound side, AI-powered email security analyzes sender behavior and message intent to catch phishing, spoofing, and business email compromise (BEC) that traditional filters miss. The full guide to how this works lives in our HIPAA compliant email resource.

Hoala Greevy, Chief Executive Officer at Paubox, put it plainly in the announcement: “HIPAA compliant email requires securing every email a healthcare organization sends and receives. It’s a natural complement to LegitScript Certification, and it shuts down one of the most common ways patient data gets exposed. We’re thankful to join the Compliance Collective and help LegitScript-certified clients protect patient data with HIPAA compliant email, without disrupting how teams already work.”

What this means for LegitScript-certified businesses

If your organization holds LegitScript Healthcare Certification, the Compliance Collective gives you a vetted starting point for the controls that certification does not cover. You can explore the program and vendors on LegitScript's website.

Securing email is one of the fastest of those controls to put in place, because it works with the platform your team already uses. You can start for free and have encrypted email running without changing how people send and receive messages.