Paubox blog: HIPAA compliant email made easy

Is Sendinc a HIPAA compliant email service?

Written by Hoala Greevy | August 03, 2020
Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Sendinc in a HIPAA compliant manner. In fact, we've noticed more vendors, customers, and prospects asking about HIPAA compliant services. This is especially true now as we see an accelerated, long overdue adoption of digital transformation in healthcare. We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector. Today we will determine if Sendinc offers HIPAA compliant email service or not.

 

Sendinc

Sendinc is a freemium secure email service. The service is similar to portal-based solutions, whereby it requires senders and recipients to register an account on their platform. If the recipient does not create an account, they cannot view the email. The freemium version of the Sendinc will store messages for only seven days. We also found that Sendinc has a REST API. Sendinc was founded in 2008 and was acquired by j2 Global, Inc. in 2017.

 

What is a Business Associate?

A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity. In a nutshell, the role of a Business Associate is to help Covered Entities comply with the HIPAA Privacy Rule Read full article: What does it mean to be a Business Associate?
Secure email for modern healthcare. Right out of the box.

 

Business Associate Agreement provisions

If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place. A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance. At a minimum, a Business Associate Agreement contains 10 provisions. Read full article: Business Associate Agreement Provisions

 

Sendinc and the Business Associate Agreement

We checked the Sendinc site for mention of their ability to sign a Business Associate Agreement (BAA). We found the following pages: On those pages, we can see that:
  • The Sendinc site is glaringly out of date. The Privacy Policy link in its footer menu is from 2017, while a quick google search reveals a more updated Privacy Policy that is not referenced anywhere on the site.
  • The Terms and Conditions link on the Sendinc site points to a page hosted on excelmicro.com, which is a Pennsylvania limited liability company and apparently also owned by J2 Global. We found this to be very confusing.
  • The Sendinc homepage claims that, "Sendinc helps your organization achieve and maintain compliance with the growing number of regulations including HIPAA." We could not find any proof however, that Sendinc or J2 Global will actually sign a Business Associate Agreement with their customers.

 

Does Sendinc offer HIPAA Compliant Service?

The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate. We were able to learn the following about Sendinc about their ability to be considered a HIPAA compliant solution:
  • We could not find any evidence that Sendinc or its parent company J2 Global will sign a BAA with their customers.
  • The Sendinc site is out of date and appears to be dormant.
Conclusion: Since we could not find evidence that Sendinc or J2 Global will sign a BAA with their customers for the service, we cannot recommend Sendinc as a HIPAA compliant email service.
 
Try Paubox Email Suite for FREE today.