Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Sendinc in a HIPAA compliant manner.
In fact, we’ve noticed more vendors, customers, and prospects asking about HIPAA compliant services.
This is especially true now as we see an accelerated, long overdue adoption of digital transformation in healthcare.
We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector.
Today we will determine if Sendinc offers HIPAA compliant email service or not.
Sendinc is a freemium secure email service. The service is similar to portal-based solutions, whereby it requires senders and recipients to register an account on their platform. If the recipient does not create an account, they cannot view the email.
The freemium version of the Sendinc will store messages for only seven days.
We also found that Sendinc has a REST API.
Sendinc was founded in 2008 and was acquired by j2 Global, Inc. in 2017.
What is a Business Associate?
A Business Associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a Covered Entity.
Read full article: What does it mean to be a Business Associate?
Business Associate Agreement provisions
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place.
A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance.
At a minimum, a Business Associate Agreement contains 10 provisions.
Read full article: Business Associate Agreement Provisions
Sendinc and the Business Associate Agreement
We checked the Sendinc site for mention of their ability to sign a Business Associate Agreement (BAA).
We found the following pages:
- Terms and Conditions (hosted on excelmicro.com)
On those pages, we can see that:
- The Terms and Conditions link on the Sendinc site points to a page hosted on excelmicro.com, which is a Pennsylvania limited liability company and apparently also owned by J2 Global. We found this to be very confusing.
- The Sendinc homepage claims that, “Sendinc helps your organization achieve and maintain compliance with the growing number of regulations including HIPAA.” We could not find any proof however, that Sendinc or J2 Global will actually sign a Business Associate Agreement with their customers.
Does Sendinc offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
We were able to learn the following about Sendinc about their ability to be considered a HIPAA compliant solution:
- We could not find any evidence that Sendinc or its parent company J2 Global will sign a BAA with their customers.
- The Sendinc site is out of date and appears to be dormant.
Conclusion: Since we could not find evidence that Sendinc or J2 Global will sign a BAA with their customers for the service, we cannot recommend Sendinc as a HIPAA compliant email service.