HIPAA compliance certification
Many doctors would like a way to communicate securely with their patients. Doctors don't know how to evaluate products such as ProtonMail; they rely on certifications from third-party agencies that the product meets HIPAA requirements.
A couple of notes.
There is no "official" certification of HIPAA compliance. The closest thing is probably HITRUST certification.
Despite what others say, ProtonMail is probably not HIPAA compliant right now. Does ProtonMail have a HIPAA compliance officer and security officer (required by HIPAA)? Do they state that they are HIPAA compliant?
If the answer to these questions is no, ProtonMail is currently not HIPAA compliant, even if it is planning for certification and provides good security.
Another thing required by HIPAA is the ability to determine who has viewed, updated or accessed PHI. I'm not sure how ProtonMail could track this, as they have no ability to ascertain whether PHI is included in messages.
The benefits of using encrypted email for HIPAA compliance:
How encrypted email supports HIPAA compliance
Encrypted email services employ end-to-end encryption to secure your data, meaning no one except the sender and the recipient is able to read the message.
How ProtonMail complies with HIPAA
At ProtonMail, we understand the sensitivities and the importance of keeping patient healthcare data private and secure. The information below is intended to inform our customers who are "covered entities" under HIPAA that we are aware of their HIPAA requirements and will do our part to help ensure that their patient data is kept confidential.
HIPAA compliance integrations with other HIPAA providers.
Louisa Sitala commented
Thank you for sharing this, Bill! It's a much needed feature.
Also compliance with Canadian legislation (e.g., PHIPA, PIPEDA), EU legislation, etc. Additionally, ISO 27001 and SOC2 would be nice.
@Bill Walton: Very good suggestion!