During a staff meeting today, it was suggested our audience would love to learn more about the differences between Twilio SendGrid, which offers a transactional email API, and our own Paubox Email API.
This post will compare and contrast Twilio SendGrid and Paubox as they relate to HIPAA compliant email.
SendGrid is a cloud-based email delivery service that helps businesses to send emails that land in the recipient’s inbox. It provides a scalable, reliable, and cost-effective solution for businesses to send transactional emails without having to worry about the infrastructure and maintenance of an in-house email infrastructure. The company provides various features to help businesses send emails, such as APIs for integration with other systems, marketing campaigns, and real-time analytics.
It was acquired by Twilio in 2018 for $2 billion and, shortly after, changed its name to Twilio SendGrid.
About Paubox Email API
Paubox Email API is a cloud-based secure email delivery service that helps healthcare organizations improve patient journeys. Common use cases include delivering test results, personalized appointment reminders, automating e-consent forms, and managing clinical trial recruitment.
Paubox launched in 2015 and currently has over four thousand customers in all 50 states.
Is Twilio SendGrid HIPAA compliant?
There are several nuances when it comes to Twilio SendGrid and its ability to provide HIPAA compliant email.
First, let’s start with a quick recap of terms. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information, otherwise known as protected health information (PHI).
As we’ve previously discussed, HIPAA applies to covered entities, which includes healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity. A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.
We’ve written in the past about Twilio SendGrid and its stance on HIPAA compliance. In a nutshell, while Twilio does offer a range of HIPAA compliant solutions, SendGrid is not one of them. The clearest example is a SendGrid documentation article called “Is SendGrid HIPAA Compliant?”
So when it comes to sending HIPAA compliant email via Twilio SendGrid, this is not a supported feature.
Is Paubox HIPAA compliant?
Paubox provides a BAA for all paid and freemium customers.
In addition, the following solutions are HITRUST CSF certified:
While an official HIPAA compliance certification does not exist, it’s widely acknowledged HITRUST CSF is the closest thing to it. In a nutshell, not only is Paubox HIPAA compliant, but its solutions are also HITRUST CSF certified.
Both Twilio SendGrid and Paubox offer a transactional email API that alleviates the need for customers to fret about infrastructure and maintenance of in-house email systems. Publicly traded, Twilio SendGrid is a much larger company than Paubox.
Twilio SendGrid, however, is not tailored for U.S. healthcare. This is apparent both from its technical design and its compliance department.
Paubox, on the other hand, was built from the ground up to provide secure, easy-to-use, HIPAA compliant email. This is apparent from its technical design (four patents and counting), HITRUST CSF certification since 2019, and inclusion of a business associate agreement for all customers (paid and freemium).