HIPAA compliant email solution Paubox raises $10 Million

The company has more than 4,300 customers, and now secures more than 70 million emails every month

U.S. healthcare has increasingly become a primary target of global threat actors and cybersecurity attacks; nearly 50 million Americans had their protected health information breached in 2021, putting increased pressure on healthcare IT teams to protect and secure patient data. 

Email is a prime target for these attacks: while it's often the easiest way for doctors and patients to communicate, it was also extremely unsecure; that is what Hoala Greevy observed while working with working with Make-a-Wish Hawaii, and other organizations who were subject to HIPAA.

"We saw a pattern around the need for email communication that was encrypted and HIPAA compliant but also easy to use. Most of the solutions on the market at the time focused on delivering secure messages through portals, but those were cumbersome and rarely gained much traction with patients," he said.

"We knew email was a better way to communicate, but the original design of email prioritized deliverability over everything else; so we engineered a way to require secure encryption as well, without changing anything about the user experience."

That's what led him to found of Paubox, a provider of HIPAA compliant email and marketing solutions for healthcare organizations, which announced a $10 million funding round on Thursday from Arthur Ventures; the company had previously raised a $4 million Series A round of funding.

Paubox's core product, Paubox Email Suite, is used by physician clinics and group practices, hospitals, mental health facilities, along with many other organizations that are subject to HIPAA, to ensure that every email their employees send is secure, encrypted and 100% HIPAA compliant, explained Greevy.

"To clinicians or patients there's no difference in how they send and receive email; but behind the scenes Paubox is ensuring protected health information is always secure," he said. 

In addition to outbound email encryption, Paubox Email Suite also provides inbound email security for many of those same healthcare providers, protecting them from phishing and ransomeware attacks, as well as unwanted spam. Those same encryption and security capabilities are also available to application developers who want to add HIPAA compliant messaging to their products by using our Paubox Email API.

Finally, the company also offers Paubox Marketing, a HIPAA compliant email marketing system that allows digital marketers at healthcare provider organizations to send marketing emails that are personalized with PHI while still being HIPAA compliant. For instance, they may want to reach out to diabetes patients about new treatment options, which requires the email list and message to be HIPAA compliant.  

As of August 2022, the company has more than 4,300 customers, and it now secures more than 70 million emails every month, saving its customers both time and money in the process: when organizations switch to Paubox, they save between 20 to 40 hours per week on time that was previously spent fielding portal-related support requests like password resets, and conducting user training. It also saves money by lowering the cost of fines from HIPAA violation, which can range from $100 to $50,000 per incident.

While there are other companies in this space, such as Zix, Proofpoint and Virtru, most of Paubox's customers were using some of the native encryption tools offered by their email service before, Greevy explained.

"The problem with these alternatives is twofold: First, most rely on a portal-based system to communicate with patients, which puts the onus on patients to remember additional logins or passcodes and follow as many as seven steps to read an encrypted message," he said.

"Second, for senders, many of those alternative solutions require extra clicks or designated keywords to trigger encryption, which leaves the responsibility for HIPAA compliance on a staff that's already stretched thin, and opens the possibility of human error."