Since Paubox is a Business Associate to thousands of customers, we’ve been wondering if they are able to use Sendinc in a HIPAA compliant manner. In fact, we've noticed more vendors, customers, and prospects asking about HIPAA compliant services. This is especially true now as we see an accelerated, long overdue adoption of digital transformation in healthcare. We know the HIPAA industry is vast, so we can empathize with just how many people need to use cloud services in this sector. Today we will determine if Sendinc offers HIPAA compliant email service or not.
Sendinc
Sendinc is a freemium secure email service. The service is similar to portal-based solutions, whereby it requires senders and recipients to register an account on their platform. If the recipient does not create an account, they cannot view the email. The freemium version of the Sendinc will store messages for only seven days. We also found that Sendinc has a REST API. Sendinc was founded in 2008 and was acquired by j2 Global, Inc. in 2017.
If a Business Associate provides services to a Covered Entity, then a Business Associate Agreement (BAA) must be in place. A BAA is a written contract between a Covered Entity and a Business Associate and is required by law for HIPAA compliance. At a minimum, a Business Associate Agreement contains 10 provisions. Read full article:Business Associate Agreement Provisions
Sendinc and the Business Associate Agreement
We checked the Sendinc site for mention of their ability to sign a Business Associate Agreement (BAA). We found the following pages:
The Sendinc site is glaringly out of date. The Privacy Policy link in its footer menu is from 2017, while a quick google search reveals a more updated Privacy Policy that is not referenced anywhere on the site.
The Terms and Conditions link on the Sendinc site points to a page hosted on excelmicro.com, which is a Pennsylvania limited liability company and apparently also owned by J2 Global. We found this to be very confusing.
The Sendinc homepage claims that, "Sendinc helps your organization achieve and maintain compliance with the growing number of regulations including HIPAA." We could not find any proof however, that Sendinc or J2 Global will actually sign a Business Associate Agreement with their customers.
Does Sendinc offer HIPAA Compliant Service?
The Business Associate Agreement (BAA) is a key component to HIPAA compliance between a Covered Entity and a Business Associate. We were able to learn the following about Sendinc about their ability to be considered a HIPAA compliant solution:
We could not find any evidence that Sendinc or its parent company J2 Global will sign a BAA with their customers.
The Sendinc site is out of date and appears to be dormant.
Conclusion: Since we could not find evidence that Sendinc or J2 Global will sign a BAA with their customers for the service, we cannot recommend Sendinc as a HIPAA compliant email service.