Hushmail
Hushmail is a Canadian encrypted email service built for healthcare providers and small professional practices, combining OpenPGP email encryption with HIPAA-compliant secure web forms, e-signatures, and intake questionnaires.
Our take
Hushmail occupies a specific niche: healthcare professionals who need encrypted email plus HIPAA-compliant forms without buying and integrating separate tools. A therapist, counselor, or solo medical practitioner can handle the entire client-intake workflow — secure email, intake questionnaires, consent forms, e-signatures — under one subscription. That is the value proposition.
For personal use, Hushmail Personal Premium at $49.98/year provides a functional encrypted email account with a Canadian jurisdiction. But if encryption is the primary need, Proton Mail or Tuta offer stronger zero-access architecture at comparable pricing.
What stands out
HIPAA-compliant forms built in. Most encrypted email services handle messages only. Hushmail adds a drag-and-drop form builder that collects electronic protected health information, captures e-signatures, and handles intake documents. For a solo therapy practice, this replaces a separate form tool and its own compliance overhead.
Secure Message Center. When a Hushmail user sends to a non-Hushmail recipient, the message is delivered via a secure message portal rather than standard SMTP. The recipient accesses it via a passphrase-protected link. This extends some protection beyond the Hushmail network.
BAA availability. Hushmail provides a HIPAA Business Associate Agreement to covered entities, a requirement for US healthcare providers. Many encrypted email services do not offer a BAA.
Where it falls short
True end-to-end encryption only occurs between Hushmail accounts. External email remains protected by transport encryption (TLS), not E2EE. The web-and-mobile-only experience lacks a native desktop client, which some professionals prefer for high-volume correspondence.
Who should pick Hushmail
Pick Hushmail if you are a healthcare provider or therapist who needs encrypted email, HIPAA compliance, and client intake forms under one roof. For encrypted personal email without healthcare-specific requirements, Proton Mail or Tuta offer stronger encryption models at lower cost.
References
- Hushmail pricing: hushmail.com/pricing
- Healthcare plans: hushmail.com/healthcare
- Security overview: hushmail.com/about/security
Pros
- The only mainstream email service that combines encrypted email with HIPAA-compliant intake forms and e-signatures in one product
- Covers the entire client-intake workflow for therapy and counseling practices without third-party form tools
- Canadian jurisdiction with clear HIPAA Business Associate Agreement (BAA) available for US healthcare providers
- Personal Premium at $49.98/year is competitive for an encrypted personal account
Cons
- Encryption is end-to-end only for Hushmail-to-Hushmail messages; external recipients use Secure Message Center (not true E2EE)
- Not positioned for general personal use — feature set and pricing reflect healthcare vertical focus
- No native Windows or Mac desktop app — web and mobile only
- Search is limited compared to standard email clients due to encryption architecture
- Healthcare plans require per-account pricing that adds up quickly for larger teams
Features
- OpenPGP encryption for messages sent between Hushmail users
- Secure Message Center for sending encrypted messages to non-Hushmail recipients
- HIPAA-compliant email archiving and forwarding
- Drag-and-drop form builder with customizable templates for client intake
- Electronic signature capture for consent forms, fee agreements, and disclosures
- Collection of electronic protected health information (ePHI) via secure web forms
- Two-step verification and hardware-key support
- Enhanced spam and virus filtering
- Email aliases and multi-address forwarding for practice management
- File storage up to 10 GB via desktop app
- GDPR, CCPA, ESIGN, and UETA compliance layers