Email Tools


Hushmail review 2026 — encrypted email built for HIPAA, not for activists

Hushmail's HIPAA-signed BAA and encrypted forms make it the safe pick for therapists, clinics, and law firms — but its 2007 disclosure precedent rules it out for whistleblowers. Honest review.

By Alexis Dollé

The HIPAA Security Rule’s first major update since 2003 was announced by HHS in December 2024 and published as a Notice of Proposed Rulemaking in the Federal Register in January 2025. If finalised as proposed, it raises the floor on encryption, multi-factor authentication, and audit logging for every covered entity that handles electronic protected health information by email; it is not yet in force, but it shows where the baseline is heading. For solo therapists, dental practices, and small law firms, Hushmail is one of a short list of email providers that ships HIPAA-ready out of the box, signs a Business Associate Agreement, and includes encrypted intake forms, without forcing you onto a Workspace Enterprise tier. It is also, by its own architecture, not the right tool for activists, journalists, or anyone whose threat model includes a US court order. Here is what Hushmail does well, where it falls short, and who should actually buy it.


Verdict in One Line

Best for: US healthcare professionals, dental practices, small law firms, and HR teams that need a HIPAA-signed BAA and encrypted intake forms without the overhead of Google Workspace Enterprise. Skip if: your threat model includes nation-state surveillance, US court orders, or you simply want personal end-to-end encryption — pick ProtonMail or Tutanota instead.


What Hushmail Actually Is

Hushmail is a paid, web-based encrypted email service founded in 1999 in Vancouver, Canada. It uses OpenPGP for message encryption, with keys managed server-side by Hushmail. Its commercial focus shifted decisively toward US-regulated industries — healthcare, law, accounting — after it discontinued its free consumer tier in 2017.

A few things to fix in your head before reading the rest:

  • Web-first. The primary interface is the Hushmail web client. Mobile apps exist for iOS and Android. IMAP and POP are supported but limited (encrypted-to-Hushmail mail decrypts in the web client; IMAP exposes only the cleartext mailbox).
  • Server-managed keys. This is the most consequential design choice. ProtonMail and Tutanota unlock private keys only on the user’s device, so the provider never handles usable key material and cannot read your mail. Hushmail unlocks keys on its servers, which means it can read your mail, and has done so when legally compelled.
  • OpenPGP under the hood. Hushmail uses the OpenPGP standard, the same protocol behind GnuPG and other PGP tools. Power users can in theory take their encrypted message archives elsewhere.
  • Headquartered in Canada, subject to US legal cooperation. Hushmail is a Canadian company, but Canada has Mutual Legal Assistance Treaties with the United States and most Five Eyes partners. The 2007 federal disclosure case (covered below) was executed under exactly such a treaty.

Pricing — and Why There Is No Free Plan

Hushmail discontinued its free tier in 2017. Today it sells four paid plans: Hushmail for Personal Use at roughly USD 49.98/year, Hushmail for Small Business, Healthcare, and Law — the last three priced per user per month and bundling features like custom domains, archived storage, and a signed Business Associate Agreement. Exact prices change; check the pricing page for current numbers.

The plan structure as of writing:

Plan           | Typical price    | Storage | BAA included         | Best for
Personal Use   | ~USD 49.98/year  | 10 GB   | No                   | Individuals wanting encrypted email
Small Business | Per user/month   | Larger  | No (encryption only) | Small teams, custom domain
Healthcare     | Per user/month   | Larger  | Yes                  | Therapists, clinics, dental
Law            | Per user/month   | Larger  | Yes                  | Solo and small-firm attorneys

The healthcare and law plans include features the personal plan does not: signed BAA, electronic signatures inside the encrypted workflow, encrypted web forms for client intake, archiving, and admin controls. If you are buying Hushmail for a regulated practice, the Personal plan is not actually the cheap option — it is the wrong product. You need Healthcare or Law for the BAA alone.

The 2017 free-tier discontinuation is worth dwelling on. It was unpopular at the time, but it sharpened the business model. Hushmail today is unambiguously a B2B compliance tool, not a privacy-curious consumer product. That focus is reflected in the documentation, the support response times, and the audit-trail features.


What Hushmail Does Well

Hushmail’s strongest selling points are the signed BAA on healthcare and law plans, encrypted intake forms with electronic signatures, the ability to send encrypted messages to non-Hushmail recipients via a secure web portal, and a 25+ year operational track record of running a service designed around encrypted mail.

Signed Business Associate Agreement on Healthcare and Law plans. This is the single feature that justifies most Hushmail purchases. HIPAA requires a covered entity to have a signed BAA with any vendor that creates, receives, maintains, or transmits electronic Protected Health Information on its behalf before that data reaches the vendor. Standard consumer email, including standard Gmail and standard Outlook, does not come with one. Google Workspace Business or Enterprise does, but the setup overhead, admin controls, and per-seat cost are designed for organisations with IT staff. For a solo therapist, a five-person dental practice, or a small law firm, Hushmail is the path of least resistance. Keep in mind that the BAA covers the vendor’s obligations, not yours: the practice still has to enforce two-step verification, control who can log in, and keep its own risk analysis and audit records.

Encrypted forms with e-signatures. A Hushmail account on a Healthcare or Law plan includes a Forms feature: you can build intake forms, consent forms, or questionnaires that load over HTTPS, capture data into your encrypted mailbox, and support e-signatures. For practices that previously emailed PDFs back and forth or used Google Forms (which is not HIPAA-eligible without a signed Workspace BAA), this is a meaningful workflow upgrade.

Encrypted-to-anyone via the web portal. When you send an encrypted Hushmail message to someone outside Hushmail, the recipient receives a notification email with a link. They click through to a Hushmail-hosted secure portal, set a passphrase or use one you shared out of band, and read or reply inside the portal. The reply stays inside the portal, so it never travels as ordinary SMTP mail. This is the same pattern used by Microsoft 365 Message Encryption and similar enterprise tools, and it carries the same two caveats: the notification email is itself unencrypted and trains recipients to click links in mail, so tell clients in advance what a genuine Hushmail notification looks like; and a passphrase sent in the same channel as the link protects nothing, so share it by phone or in person.

Track record. Hushmail has operated since 1999. The service has survived two acquisitions, a major architecture overhaul, the 2017 free-tier shutdown, and consistent legal scrutiny. For a regulated practice that needs a vendor it can rely on for a decade, longevity matters.

Two-step verification. Hushmail supports TOTP-based 2FA on every plan. Mandatory for healthcare and law accounts.


Where Hushmail Falls Short

Hushmail’s three most consequential limits are its server-managed key architecture (it can decrypt user mail when legally compelled, and has done so), the lack of a free or trial tier for evaluation, and the absence of native end-to-end encrypted apps comparable to ProtonMail’s mobile clients. None of these matter for most healthcare buyers; all of them matter for activists, journalists, or anyone with a non-routine threat model.

The 2007 federal disclosure case. In November 2007, Wired reported that Hushmail had, under a court order obtained through the Mutual Legal Assistance Treaty between Canada and the United States, decrypted the contents of three Hushmail accounts and turned over 12 CDs of plaintext to US federal authorities investigating alleged steroid distribution. Hushmail did not deny it. Its explanation at the time was that in the default (non-Java) mode the user’s passphrase is sent to the server, which unlocks the private key and decrypts mail there; once the provider is ordered to capture a targeted user’s passphrase at login, everything in that mailbox can be read. The episode established a precedent that has been cited in every serious comparison since: Hushmail is encrypted, but the keys are unlocked on Hushmail’s servers, and Hushmail is subject to court orders that can compel disclosure. If your threat model includes that scenario, Hushmail is the wrong tool. Pick ProtonMail or Tutanota, both of which decrypt only on the user’s device, and remember that even those providers can be ordered to hand over what they do hold, such as sender, recipient, timestamps, and connection metadata; end-to-end encryption protects message content, not the fact that a message was sent.
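To make the key-custody difference above concrete, here is an added illustration for this review (not Hushmail’s code, and not a real OpenPGP implementation). It models what any provider stores, a passphrase-wrapped private key plus an encrypted mailbox, and then runs the same compelled-disclosure request against two designs: one where the passphrase is sent to the server and decryption happens there, and one where the server only ever hands out ciphertext. The cipher is a deliberately simple HMAC-SHA256 encrypt-then-MAC construction so the example runs on the Python standard library alone; the passphrase, mail bodies and the MailServer class are constructed for the example.

```python
"""Key custody, side by side: a provider that unlocks keys on its servers versus one
that only ever sees ciphertext.  Added illustration for this review, not Hushmail's
code and not a real OpenPGP implementation: the cipher is a toy encrypt-then-MAC
construction built from HMAC-SHA256 so the example runs on the standard library.
Passphrase, mail bodies and account layout are constructed sample data."""
import hashlib
import hmac
import os


def derive_key(passphrase, salt):
    # Passphrase -> key-wrapping key; stands in for OpenPGP's string-to-key step.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, 32)


def _keystream(key, nonce, length):
    # Counter-mode keystream from HMAC-SHA256 (toy cipher, illustration only).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    # Returns nonce || ciphertext || tag (encrypt-then-MAC).
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def create_account(passphrase):
    # mailbox_key stands in for the user's OpenPGP private key (symmetric here, for brevity).
    mailbox_key, salt = os.urandom(32), os.urandom(16)
    return mailbox_key, salt, seal(derive_key(passphrase, salt), mailbox_key)


class MailServer:
    """What every provider holds: the passphrase-wrapped key and the encrypted mailbox.
    The only variable is whether the passphrase itself ever reaches the server."""

    def __init__(self, salt, wrapped_key):
        self.salt, self.wrapped_key = salt, wrapped_key
        self.mailbox = []
        self.seen_passphrases = []  # a logging hook, or a court-ordered one, fills this

    def deliver(self, sealed_message):
        self.mailbox.append(sealed_message)  # senders encrypt to the recipient's key

    def read_server_side(self, passphrase):
        # Server-managed design: the client sends the passphrase, the server unwraps
        # the key and decrypts.  Nothing in the protocol stops the server keeping it.
        self.seen_passphrases.append(passphrase)
        key = unseal(derive_key(passphrase, self.salt), self.wrapped_key)
        return [unseal(key, m) for m in self.mailbox]

    def fetch_for_client(self):
        # Zero-knowledge design: the server only ever hands out ciphertext.
        return self.salt, self.wrapped_key, list(self.mailbox)

    def compelled_disclosure(self):
        """Plaintext the provider can produce under a court order, or None."""
        for pw in self.seen_passphrases:
            try:
                key = unseal(derive_key(pw, self.salt), self.wrapped_key)
            except ValueError:
                continue
            return [unseal(key, m) for m in self.mailbox]
        return None


def read_client_side(server, passphrase):
    # The passphrase never leaves the device; unwrapping and decryption happen here.
    salt, wrapped_key, blobs = server.fetch_for_client()
    key = unseal(derive_key(passphrase, salt), wrapped_key)
    return [unseal(key, m) for m in blobs]


def demo():
    passphrase = "correct horse battery staple"  # constructed sample
    mailbox_key, salt, wrapped_key = create_account(passphrase)
    mail = [b"Intake form for patient 0042", b"Draft invoice, privileged"]
    server_managed, zero_knowledge = MailServer(salt, wrapped_key), MailServer(salt, wrapped_key)
    for body in mail:
        server_managed.deliver(seal(mailbox_key, body))
        zero_knowledge.deliver(seal(mailbox_key, body))
    # Both users read their own mail fine; the difference is only who unlocks the key.
    assert server_managed.read_server_side(passphrase) == mail
    assert read_client_side(zero_knowledge, passphrase) == mail
    return {
        "server_managed": server_managed.compelled_disclosure(),  # full plaintext
        "zero_knowledge": zero_knowledge.compelled_disclosure(),  # None, ciphertext only
    }


if __name__ == "__main__":
    print(demo())
```

Both servers store byte-for-byte the same wrapped key and the same encrypted mailbox; the only thing that changes the outcome of compelled_disclosure() is whether the passphrase was ever sent to the server. One thing the model deliberately does not capture: a provider that also ships the client code (a web page or applet) can be ordered to serve a modified client to one user, which is why zero-knowledge claims rest on open, verifiable clients as much as on where the key is unlocked.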

No free plan. This is a defensible business choice but it does mean you cannot evaluate Hushmail without paying. There is a refund policy; it is not a free trial.

Mobile apps trail the web client. Hushmail’s iOS and Android apps work, but the design and feature parity lag the web interface. ProtonMail, by contrast, ships first-class native apps with active development.

No client-side encryption controls. You cannot bring your own PGP key, you cannot rotate keys on demand, and you cannot inspect the encryption pipeline. Everything happens server-side.

Limited search inside encrypted mail. Server-side search of encrypted message bodies is constrained. The web client searches metadata and decrypted display content, but advanced operators are sparse compared to Gmail’s search.


Hushmail vs ProtonMail vs Tutanota

Dimension                              | Hushmail                        | ProtonMail                 | Tutanota
Free plan                              | No (since 2017)                 | Yes (1 GB)                 | Yes (1 GB)
Architecture                           | Server-managed keys             | Zero-knowledge             | Zero-knowledge
Jurisdiction                           | Canada                          | Switzerland                | Germany
Signed BAA (HIPAA)                     | Yes (Healthcare and Law plans)  | Via Proton Business        | No
Custom domain                          | Business plans                  | Plus and above             | Premium and above
Encrypted forms                        | Yes                             | No                         | No
E-signatures inside encrypted workflow | Yes (Healthcare)                | No                         | No
Native iOS/Android apps                | Yes (basic)                     | Yes (full-featured)        | Yes (full-featured)
OpenPGP for external recipients        | Yes (web portal)                | Yes (PGP-native + portal)  | Proprietary protocol
Best buyer                             | US regulated SMB                | Privacy-focused individual | EU privacy-focused user

Choosing between them is rarely about features in isolation. Hushmail is the right answer for a regulated US small business. ProtonMail is the right answer for an individual who wants serious privacy. Tutanota is the right answer for European users who want zero-knowledge mail with a German legal home and no PGP dependency.


Who Should Actually Buy Hushmail

Buy Hushmail Healthcare or Law if you are a solo or small-team US-based practice that needs a HIPAA-signed BAA, encrypted intake forms, and electronic signatures, and you don’t want to learn Google Workspace’s admin console. Skip Hushmail Personal — it is rarely the best fit for either privacy or compliance use cases.

Buy if:

  • You are a US therapist, dentist, clinic, or healthcare practitioner needing HIPAA-compliant email with a signed BAA in place fast.
  • You are a US solo or small-firm attorney handling client communications that need encryption and electronic signatures.
  • You run a small accounting or HR practice and need to exchange sensitive data with clients without setting up Workspace Enterprise.
  • You value a 25-year operational track record over the latest cryptographic architecture.

Skip if:

  • You are an individual who wants end-to-end encryption for personal use → ProtonMail.
  • You are a journalist or activist whose threat model includes US court orders → ProtonMail or Tutanota.
  • You want to evaluate before paying → Hushmail does not offer a free trial.
  • You want first-class mobile apps with regular feature parity → ProtonMail.
  • You need EU data residency for GDPR optics → Tutanota.

Alexis Dollé, Founder & Editor, Email Tools

Alexis Dollé, email expert for 10+ years. Founder of Email Tools. I test every email client and utility myself, then write about them the way I’d explain them to a friend — no marketing fluff, no sponsored rankings, every claim sourced.

Sources & references
  1. Hushmail official pricing page — current plan tiers, prices, and storage. hushmail.com/pricing/personal/
  2. Hushmail for Healthcare — feature list, BAA inclusion, encrypted forms, and e-signature workflow. hushmail.com/business/healthcare/
  3. Ryan Singel, Wired, “Encrypted E-Mail Company Hushmail Spills to Feds,” 7 November 2007 — primary source for the disclosure precedent. wired.com/2007/11/encrypted-e-mai/
  4. HHS, Business Associate Contracts (sample BAA provisions) — what HIPAA requires from any vendor handling electronic Protected Health Information. hhs.gov — sample BAA provisions
  5. HHS, Notice of Proposed Rulemaking, “HIPAA Security Rule to Strengthen Cybersecurity of Electronic Protected Health Information,” published in the Federal Register 6 January 2025 — the first major Security Rule update since 2003. federalregister.gov — HIPAA Security Rule NPRM

Frequently asked questions

Is Hushmail truly end-to-end encrypted? Not in the zero-knowledge sense. Hushmail uses OpenPGP, but its servers manage the encryption keys, which means Hushmail itself can technically decrypt user mail when legally compelled. Hushmail did exactly that in 2007, handing 12 CDs of decrypted emails to US federal authorities under a Mutual Legal Assistance Treaty request. ProtonMail and Tutanota use zero-knowledge architectures where the provider cannot read user mail even under court order.

Does Hushmail have a free plan? No. Hushmail discontinued its free tier in 2017. The cheapest plan is Hushmail for Personal Use at roughly USD 49.98/year. Healthcare, Law, and Small Business plans are billed monthly per user.

Will Hushmail sign a Business Associate Agreement (BAA) for HIPAA compliance? Yes — but only on the Healthcare and Law plans, not the Personal plan. The signed BAA is the central reason therapists, clinics, dentists, and law firms pick Hushmail over Gmail or Outlook for client-facing email. Standard Gmail does not include a BAA; Google Workspace Business or Enterprise does, with a different setup overhead.

Can I send encrypted Hushmail emails to people who do not use Hushmail? Yes. When you send to a non-Hushmail recipient, Hushmail delivers a notification email containing a link to a secure web portal. The recipient sets a passphrase (or uses one you’ve shared out of band) to read and reply to the message. The exchange is encrypted in transit and at rest on Hushmail’s servers; it is not end-to-end in the zero-knowledge sense, because Hushmail holds the keys on both sides of the portal.

Does Hushmail support custom domains? Yes, on the Small Business, Healthcare, and Law plans. The Personal plan only allows @hushmail.com or @hush.com addresses. Custom-domain setup involves pointing your domain’s MX records at Hushmail’s mail servers; in practice you also need to update the domain’s SPF, DKIM, and DMARC records so that mail sent through Hushmail still authenticates, using the exact values from Hushmail’s own DNS instructions, and to confirm the published records with a DNS lookup before moving users over.

How does Hushmail compare to ProtonMail for general privacy? ProtonMail wins on architecture (zero-knowledge keys, Switzerland jurisdiction, open-source clients) and on free-tier accessibility. Hushmail wins on US healthcare compliance (signed BAA, encrypted forms, electronic signatures inside the encrypted workflow) and on legal-services workflow features. They serve different buyers — ProtonMail for individual privacy, Hushmail for regulated US small businesses.

