Best HIPAA-Compliant Email for Therapists in 2026
Using Gmail, Yahoo, or standard Outlook for client communication is a HIPAA violation. Any email service that handles Protected Health Information must sign a Business Associate Agreement — and standard free email providers will not do this. Here are the four best HIPAA-compliant email options for therapists.
Important: Free Gmail = HIPAA violation
Google will not sign a HIPAA BAA for free Gmail accounts. If you are using a @gmail.com address to communicate with clients about their treatment, you are in violation. Google Workspace Business plans do offer BAAs — but you must set it up correctly.
Hushmail for Healthcare
Best purpose-built HIPAA email for therapists
From $9.99/mo
PROS
- ✓Built specifically for healthcare
- ✓BAA included on all plans
- ✓Secure message center for clients
- ✓HIPAA-compliant web forms included
- ✓No IT setup required
CONS
- ✗Not as full-featured as Google Workspace
- ✗Smaller storage than Gmail
- ✗Hushmail branding in email address (unless custom domain)
BAA STATUS
✓ Included on all plans
Google Workspace (Business Starter+)
Best if you already use Google tools
From $6/mo per user
PROS
- ✓Familiar Gmail interface
- ✓BAA available on Business plans
- ✓Integrated with Google Calendar + Drive
- ✓Large storage
CONS
- ✗BAA must be requested separately — not automatic
- ✗Standard free Gmail does NOT qualify
- ✗More complex setup than Hushmail
- ✗Risk of accidentally using personal account
BAA STATUS
✓ Business Starter and above — must request BAA manually
Paubox
Best for automatic encryption without client action
From $29/mo
PROS
- ✓Encrypts all outgoing email automatically
- ✓No client portal required — emails arrive in normal inbox
- ✓BAA included
- ✓Works with existing email domain
CONS
- ✗More expensive than alternatives
- ✗Overkill for low-volume solo practices
- ✗Requires domain setup
BAA STATUS
✓ Included on all plans
Microsoft 365 Business
Best for practices already on Microsoft ecosystem
From $6/mo per user
PROS
- ✓BAA available for Business plans
- ✓Full Office suite included
- ✓Good for Windows-heavy practices
- ✓Teams for HIPAA meetings
CONS
- ✗Standard Outlook.com does NOT qualify
- ✗Business plan required for BAA
- ✗Less intuitive than Gmail for many users
BAA STATUS
✓ Business plans only — not personal Outlook accounts
Trusted by 225,000+ Therapists — Recommended for Therapist in
Get Your Practice 100% HIPAA Compliant in 2026
SimplePractice is the #1 HIPAA-compliant practice management platform built specifically for therapists. Includes secure messaging, telehealth, billing, and a signed BAA — everything you need to stay compliant and protect your clients.
Start Free Trial with SimplePractice →30-day free trial · No credit card required
Need HIPAA-compliant email only? See Hushmail for Healthcare →
FAQ — HIPAA Email for Therapists
Can I use Gmail for therapy client emails?
Only if you are using Google Workspace Business (paid plan) AND have signed Google's BAA. Standard free Gmail accounts are not HIPAA-compliant. Google will not sign a BAA for personal accounts.
What emails count as containing PHI?
Any email that connects a client's identity to their health information — including appointment confirmations, billing, treatment summaries, or anything that mentions a client by name along with any health-related information.
Do I need HIPAA email if I only send appointment reminders?
Yes — if appointment reminders mention the client's name alongside the fact that they have a therapy appointment, that is PHI. Many therapists send reminders that say 'Your appointment with [therapist] is tomorrow' — that is covered.
Is Hushmail actually used by real therapists?
Yes — Hushmail for Healthcare is one of the most widely used HIPAA-compliant email services among therapists and counselors. It was built specifically for healthcare professionals who need simple, compliant email without an IT team.