Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: No.
Recommend for your HIPAA risk management needs?: No.

What Is This Product?

 FlowCrypt is a Gmail extension (add-on) for encrypting messages. While it might be a great option for personal usage, it is not an option for healthcare providers/HIPAA covered entities: FlowCrypt would be a third-party service provider handling PHI (protected health information) on your behalf, meaning that a Business Associate relationship is present and a Business Associate Agreement is required — but FlowCrypt does not offer a Business Associate Agreement (BAA.)

For more about what constitutes PHI, please see our course “How to Identify HIPAA Protected Health Information: Finding Your Clients’ Sensitive Information Wherever It Goes” (included in membership.)