🔑 Key Takeaways
- Encrypted email means only the recipient with the right key can turn ciphertext back to text.
- Three layers can be encrypted or exposed: server-to-server TLS, at-rest storage, recipient device.
- TLS between servers is default on Gmail and Microsoft 365 but drops to plain text on old servers.
- End-to-end via S/MIME or PGP hides the body from providers but demands the recipient hold a key.
- Encryption is one control, not a silver bullet; strong passwords, MFA, and training still matter.
Encrypted email means the message content is scrambled into unreadable ciphertext during transit, storage, or both. Only a recipient holding the correct decryption key can convert it back to plain text.
That definition sounds straightforward. The complication is that encryption happens at different points in the message lifecycle, and each point protects against a different threat. Understanding the layers is the difference between a real safeguard and a marketing label.
This guide walks through what encryption means at each layer, what it protects, and where it stops. For practices sending patient information, the layer question feeds directly into whether a service qualifies as one of the compliant encrypted email services under HIPAA.
The mechanics of email encryption in plain language
Encryption uses a mathematical function to convert readable text into a scrambled string. The function requires a key, which is a piece of secret data. The same key or a paired key reverses the function on the receiving end.
Symmetric encryption uses the same key on both ends. It is fast but requires the sender and recipient to share the key over a secure channel first.
Asymmetric encryption uses a public key to encrypt and a private key to decrypt. The sender uses the recipient’s public key, which can be shared openly. Only the recipient’s private key can decrypt the message.
Email systems combine both. The message body is encrypted with a symmetric key for speed. The symmetric key is then encrypted with the recipient’s public key. The recipient decrypts the symmetric key with their private key, then decrypts the message.
Understanding the mechanics helps interpret what a service is actually doing when it claims to encrypt messages. Sibling coverage on the practical outcome is in what does encrypting email do.
The three points where email encryption happens
An email passes through several stages between the sender’s compose window and the recipient’s inbox. Encryption can apply at each stage.
- Transit between mail servers, protected by TLS.
- Storage on the sender’s mail server, protected by at-rest encryption.
- Storage on the recipient’s mail server, protected by at-rest encryption.
- The recipient’s local device, protected by disk encryption.
A message can be encrypted at one point and exposed at another. TLS protects the wire but not the stored copy. End-to-end encryption protects both the wire and every stored copy, but not the recipient’s decrypted local version.
Compliance auditors ask about each layer individually. A general claim of “encrypted email” without specifying which layer is not a defensible answer.

TLS between mail servers is the baseline layer
Transport Layer Security encrypts the connection between two mail servers during message delivery. Gmail, Outlook.com, and Microsoft 365 all attempt TLS 1.2 or 1.3 by default.
TLS protects against network-level eavesdropping. An attacker sitting on a coffee shop Wi-Fi or an ISP link cannot read the message body while it moves between servers.
The limitation is that TLS applies only during transit. Once the message reaches the recipient’s server, it is decrypted, stored, and re-encrypted with a different key that the server controls. Both the sending and receiving providers can read the stored copy.
TLS also fails silently when the receiving server does not support a compatible version. The message falls back to plain text, and the sender is not warned. The NIST SP 800-52 Rev. 2 guidance documents the accepted TLS versions and cipher suites.
For HIPAA scenarios, TLS alone is usually not enough because the sender cannot prove the message stayed encrypted through the full delivery path.
End-to-end encryption keeps the mail provider out of the loop
End-to-end encryption uses the recipient’s public key to encrypt the message on the sender’s device. The message stays encrypted through every server it passes through, including both mail providers.
Only the recipient’s private key, held on the recipient’s device, can decrypt the message. Neither mail provider ever sees plain text, which is a stricter model than TLS or gateway-based encryption.
S/MIME and PGP both operate at this layer. S/MIME uses certificates issued by a trusted authority. PGP uses keys the user generates and controls directly.
The tradeoff is that both sides need to hold matching keys or certificates. For practices sending to patients who do not have PGP or S/MIME, end-to-end is impractical. Gateway encryption with portal fallback is usually the better fit.
The sibling article does email encryption really work covers this reliability question in more depth.
A billing office at a regional radiology group sends 60 patient statements per day. The office manager assumes TLS between Gmail and the patient's ISP provides sufficient protection. During an OCR investigation prompted by a patient complaint, auditors ask for evidence that each statement stayed encrypted at rest on the receiving mail server. TLS logs cannot prove that. The group moves to a gateway service with message-level encryption plus retained delivery logs, which produces the audit trail the investigation actually requires.
Gateway encryption sits in the middle of the spectrum
Gateway-based services intercept outbound mail at the sender’s mail server, encrypt the message body on that server, and deliver it to the recipient through a secure channel.
Microsoft Purview Message Encryption is the built-in gateway for Microsoft 365 Business Premium and Enterprise. Google Workspace hosted S/MIME serves a similar role on Enterprise Plus. Dedicated services like Mailhippo operate at the same layer for accounts on any plan.
The recipient experience varies. Some services deliver directly to the recipient’s inbox with TLS enforcement. Others deliver a link to a secure portal where the recipient signs in with Microsoft, Google, or a one-time passcode.
Gateway encryption is the pragmatic middle ground for most compliance workflows. It removes the per-contact certificate exchange required by S/MIME while still producing audit logs and enforcing encryption at the message level.
What encrypted email actually protects against
Encryption addresses specific threats. Knowing what those threats are helps calibrate expectations about what a specific service delivers.
- Network-level eavesdropping on the wire between mail servers.
- Unauthorized access to stored messages on the sending or receiving mail server.
- Interception at intermediate mail relays operated by third parties.
- Bulk data harvesting during a mail provider breach.
- Legal discovery requests directed at the mail provider, for end-to-end scenarios.
Encryption does not protect against a compromised endpoint, a phishing attack that captures the user’s password, or a device left unlocked. Those threats live outside the encryption boundary.
The CISA guidance on protecting against cyber attacks covers the layers that encryption cannot address on its own.

What encrypted email does not protect against
The most common source of an email breach is not intercepted encryption. It is a legitimate account accessed by an attacker after a phishing or credential-stuffing attack.
Encryption does not stop an attacker who logs into the recipient’s mailbox with the correct password. Once inside, the attacker reads decrypted messages in the normal client just like the real user would.
Encryption also does not stop a compromised device from exfiltrating messages. Malware that has taken control of the endpoint reads mail after the client has decrypted it.
Multi-factor authentication, workforce training, and endpoint protection sit alongside encryption in a real security stack. The sibling article what is an encrypted email mean covers the definitional side.
For practices whose email decision is part of a broader security posture, a review of healthcare website security features covers the parallel considerations on the web side.
How the recipient experiences an encrypted email
The recipient experience varies by encryption model. A TLS-encrypted message looks identical to any other email because the encryption is invisible between servers.
An S/MIME message in Outlook shows a small ribbon icon in the message header. Apple Mail on macOS and iOS shows a lock icon. Clients without S/MIME support display the encrypted payload as an attachment they cannot open.
A gateway-encrypted message delivered through a portal arrives as a normal-looking notification email with a link. The recipient clicks the link and signs in with Microsoft, Google, or a one-time passcode to read the message.
The sibling article what does encrypted email look like covers the visual side in more detail. The recipient-side handling question is covered in what happens when I encrypt an email.
A vendor claim of encrypted email is meaningless without a layer specification. Ask three questions: Does encryption apply in transit, at rest on your servers, and on the recipient side? Can I export logs that prove each layer per message? What happens when the receiving server does not support the same TLS version? A vendor that hesitates on any of the three is not audit-ready.
Compliance frameworks and what they expect encryption to mean
HIPAA requires reasonable safeguards for electronic protected health information. The Security Rule does not mandate a specific encryption algorithm but requires TLS 1.2 or higher for transmission and encryption at rest for stored PHI.
CMMC requires FIPS 140-2 validated cryptographic modules for Controlled Unclassified Information. That is a stricter standard than HIPAA and rules out some consumer-grade encryption implementations.
GDPR requires appropriate technical measures to protect personal data of EU residents. Encryption of email carrying personal data is one of the measures the regulation explicitly names.
Each framework asks a variant of the same question. Is the encryption strong enough, applied consistently, and documented well enough to defend during an audit? The HIPAA Journal breakdown of encryption requirements is a useful reference for the healthcare side.
Practices coordinating email compliance with broader digital operations can align with a healthcare marketing agency so patient-facing channels share the same posture.
Where dedicated compliant services fit
A dedicated compliant email service applies the encryption automatically at the mail gateway, keeps the audit trail, and provides the Business Associate Agreement or equivalent contract in the base plan.
Mailhippo is one example of that model. It works with existing Gmail or Microsoft 365 mailboxes, encrypts every outbound message without requiring the user to click an Encrypt button, and includes the BAA at signup.
That removes the two most common failure modes on user-driven encryption. Staff cannot forget to encrypt a specific message, and the vendor cannot claim it never handled PHI.
The sibling articles what does it mean encrypted email and HIPAA compliant secure email service cover the same territory from adjacent angles.
The short answer for a practice or business owner
Encrypted email means the message content is protected against interception and unauthorized access at one or more points during its lifecycle. The specific meaning depends on the encryption model in use.
TLS between mail servers is the baseline that Gmail and Microsoft 365 already provide. Gateway encryption is the pragmatic layer that adds message-level protection and audit trails. End-to-end encryption is the strictest layer, reserved for the highest-sensitivity content.
A practice deciding which layer it needs starts with the compliance framework, then works backward to the technical setup. Framework first, technology second.
Practices aligning email decisions with the broader digital footprint can review their healthcare digital marketing services so patient outreach, forms, and encrypted communication share a common standard.
Frequently Asked Questions
Not always. It depends on the encryption model. TLS encryption protects the message between mail servers but the sender’s and recipient’s mail providers can still read the stored copy. End-to-end encryption using S/MIME or PGP keeps the message unreadable to everyone except the recipient, including the mail providers. Gateway-based compliant services usually operate somewhere in between, encrypting at the server and controlling recipient access. Ask your specific service which model it uses before assuming end-to-end protection.
The behavior depends on the service. TLS-based encryption falls back to plain text delivery if the recipient’s server does not support the same TLS version, and most senders never see a warning. S/MIME and PGP simply fail to send because the recipient certificate or key is not available. Gateway services like Microsoft Purview Message Encryption or Mailhippo route the message to a secure portal where the recipient signs in with a one-time passcode instead. That fallback preserves both security and delivery.
For TLS and server-side encryption, yes. The provider stores the message and can read it because it holds the encryption keys on the server. For end-to-end encryption using S/MIME or PGP, no. The provider stores only the ciphertext, and the recipient’s private key never leaves the recipient’s device. This distinction matters for legal discovery, government requests, and internal insider risk. A HIPAA compliant service signs a Business Associate Agreement that limits how it can use the data even when it technically can read it.
Not in the technical sense. Confidential Mode adds an expiration date, disables forwarding on some clients, and can require an SMS code to open. It does not encrypt the message body in a way that satisfies HIPAA, CMMC, or GDPR. The message still travels through Gmail’s normal infrastructure and is readable by Google. Practices that need actual encryption on a Gmail account either upgrade to Workspace Enterprise Plus for hosted S/MIME or route the mailbox through a dedicated encryption service.
It depends on the encryption model. TLS-encrypted messages look identical to any other email because the encryption happens invisibly between servers. S/MIME messages show a small ribbon or lock icon in Outlook, Apple Mail, and other clients that support the standard. Gateway-encrypted messages usually deliver a normal-looking email with a link that opens a secure portal after the recipient signs in with Microsoft, Google, or a one-time passcode. The visible experience ranges from invisible to a portal login.
Usually not. Most encryption methods, including TLS, S/MIME, and Microsoft Purview Message Encryption, encrypt the message body and attachments but leave the subject line in plain text. Mail servers use the subject line for routing, filtering, and threading. Sensitive information should therefore stay out of the subject line even when the message body is encrypted. Some experimental end-to-end protocols encrypt subjects as well, but interoperability with mainstream clients drops sharply when they do.
For server-side and gateway encryption, the message stays encrypted as long as it lives on the server, which is usually until the recipient deletes it or the retention policy expires. For end-to-end encryption, the message stays encrypted forever from the server’s perspective because the server never holds the decryption key. The recipient’s decrypted local copy is a separate matter and depends on the recipient’s device security. Encrypted backups on the mail provider also stay encrypted unless the provider is compelled to decrypt them.








