🔑 Key Takeaways
- Proton Mail encrypts every stored message end-to-end; Proton servers see only the ciphertext.
- External recipients hit a password portal, which drops adoption fast for high-volume patient mail.
- Proton supports PGP interoperability through contact-card public keys for cross-system exchange.
- Proton Business Plus at $12.99 per user per month includes a BAA; Free and Plus tiers do not.
- Practices sending 200 messages a week face portal password tickets; zero-step services fit better.
Proton Mail encrypted email uses end-to-end encryption by default on every message stored on its servers. The sender private key stays on the sender device, and the recipient private key stays on the recipient device.
Proton positioned the service as a privacy-first alternative to Gmail and Outlook. The cryptographic model attracted journalists, security researchers, and privacy-conscious individuals first, then expanded into business plans that include a business associate agreement for regulated users. Practices evaluating encrypted email options often compare Proton Mail against portal-based services and zero-step alternatives.
This guide walks through how Proton Mail encryption actually works on the wire, what the different Proton Mail plans cover, and where practices with heavy external mail volume face friction.
Proton Mail encrypted email cryptographic model
Proton Mail generates a key pair on the user device at account creation. The public key uploads to Proton servers and appears in the user profile. The private key stays on the device, encrypted with a hash of the account password.
Every message stored on Proton servers uses one of two encryption states. Messages between Proton accounts encrypt with the recipient public key, decrypt only with the recipient private key. Messages from external senders encrypt at rest with the recipient public key after arrival.
The model means Proton Mail cannot read stored messages even under legal request. The Swiss court can subpoena the metadata and any unencrypted account information, but not the message body of encrypted messages.
The tradeoff is account recovery. Losing the account password without an active recovery method also loses access to every encrypted message in the mailbox. Proton warns about this state at signup and offers a recovery phrase to mitigate the risk.
Proton Mail encrypted email to Proton Mail recipients
Messages between two Proton Mail accounts encrypt automatically without any sender action. The composer detects the recipient Proton public key and applies encryption in the browser or app before the message leaves the sender device.
The recipient sees a lock icon at the top of the message. Clicking the lock shows the cryptographic details, including the signing key fingerprint and the encryption algorithm.
Reply and forward inside Proton Mail also stay encrypted end to end. The sender does not need to remember to enable encryption because the default is on for every Proton-to-Proton exchange.
This flow gives Proton Mail its strongest security guarantee. Practices with a homogeneous Proton Mail user base get end-to-end encryption without any user education or password sharing step.

Proton Mail encrypted email to non-Proton recipients
Messages to Gmail, Outlook, or other non-Proton recipients require the sender to enable password-based encryption in the composer. The sender picks a password and shares it out of band with the recipient.
Proton Mail sends a notification email to the recipient with a portal link. The recipient clicks the link, enters the shared password, and reads the message inside the browser. The portal supports reply, which sends the reply back through the same portal encrypted with the same password.
The portal step is the biggest source of friction for high-volume senders. A patient who forgets the password calls the office. A patient who does not read the notification email misses the message entirely.
The reply to encrypted email workflow describes how the portal reply flow handles common cases like attachments, quoted text, and multi-message threads.
Proton Mail encrypted email PGP interoperability
Proton Mail supports PGP for interoperability with other encrypted email systems. Senders upload a recipient PGP public key to a Proton contact card. Outbound messages to that contact encrypt with the recipient key.
Inbound PGP messages decrypt with the Proton Mail private key when the external sender used the Proton public key. Proton Mail publishes its public keys through the Proton Web Key Directory endpoint at proton.me/.well-known/openpgpkey.
PGP interoperability makes Proton Mail workable for security researchers, journalists, and technical users who already exchange keys. Configuring PGP takes patience and a working understanding of key management.
For general healthcare use, PGP key exchange is too complex to scale across a patient population. Most patients cannot generate a PGP key, and asking them to do so violates the reasonable and appropriate standard in the HIPAA Security Rule.
A privacy-focused therapy practice in Portland moved to Proton Business Suite at $12.99 per seat for four clinicians and one office manager. Internal case notes travelled end-to-end encrypted with no configuration. External patient mail hit friction fast: 200 encrypted messages per week meant 200 portal password sessions, and the office manager fielded 30 patient calls in the first week about lost passwords. The practice kept Proton for internal mail and layered Mailhippo for outbound patient messages. Patient support calls dropped to two per week within a month.
Proton Mail Business plans and HIPAA eligibility
Proton Mail Free at $0 per month and Proton Mail Plus at $4.99 per user per month do not include a business associate agreement. Neither plan can be used for PHI.
Proton Business Suite at $12.99 per user per month includes a signed BAA. The BAA covers Proton Mail, Proton Drive, Proton Calendar, and Proton VPN. Practices accept the BAA in the admin console during onboarding.
Configure the required admin settings after accepting the BAA. Enable two-factor authentication on every account. Set the Proton retention window to meet the six-year Privacy Rule requirement. Disable Bridge access for accounts that do not need IMAP or SMTP relay through desktop clients.
Reference the current plan matrix at Proton Business plans and the sample BAA provisions at HHS sample BAA provisions before adoption.

Google Mail encrypted email comparison
Gmail encrypts every message in transit with TLS on every Workspace tier. That is the baseline layer. Confidential mode adds link expiry and passcode options on every tier as a second layer, though the message content stays readable to Google.
Gmail S/MIME on Enterprise Plus adds certificate-based encryption. Users install an S/MIME certificate in the Workspace admin console. Outbound messages to recipients with a public certificate encrypt automatically.
Gmail signs a BAA on paid Workspace plans configured for HIPAA. The BAA covers Gmail, Drive, Calendar, Meet, and other core services. Practices sending real PHI usually stack a portal-based encryption service on top for cases when the recipient does not have S/MIME.
Compared with Proton Mail, Gmail treats encryption as opt-in. Proton Mail treats encryption as the default. See encrypted email service by proton for a deeper feature comparison against alternatives.
Canary Mail and third party encrypted email clients
Canary Mail is a third party mail client for iOS, Mac, and Windows that adds S/MIME and PGP encryption on top of any IMAP or Exchange account. Users install Canary Mail, connect their Gmail or Outlook account, and generate keys inside the client.
Canary Mail does not run its own mail server. The underlying mail service handles storage and BAA obligations. Canary Mail is a UI layer on top of the existing account.
Canary Mail Pro at $49 per year adds unlimited encryption features and read receipts. The free tier limits encryption to a small number of messages per month.
Users on apple mail encrypted email setups sometimes prefer Canary Mail for the tighter S/MIME integration. Canary Mail on the desktop bridges to iOS through iCloud sync of the certificate store.
Auto-forwarding rules to non-Proton accounts strip the end-to-end encryption on the forwarded copy. A clinician who forwards case notes to a personal Gmail for offline reading defeats every cryptographic guarantee Proton Mail provides. Open the account settings, remove any active forwarding rule, and disable the option at the admin level so users cannot re-enable it. Document the change in the risk register as evidence of a technical safeguard applied to prevent unauthorized disclosure of PHI.
Encrypted zip as a fallback for encrypted mail
Encrypted zip attaches a password-protected archive to a normal email. The sender shares the password through a separate channel like SMS or phone. The recipient extracts the archive with the password.
The pattern works everywhere and does not require any special mail server or client. Security depends on password strength and the out-of-band password channel.
HIPAA compliance treats encrypted zip as a reasonable and appropriate safeguard when configured with AES-256 encryption and a strong password. The Windows built-in zip does not support AES. Use 7-Zip or WinZip Pro to produce AES-256 archives.
Encrypted zip does not scale. Every message requires manual password sharing. Every recipient needs zip software that supports AES. Automated services like Mailhippo remove the manual step and standardize the recipient experience.
Proton Mail encrypted email limitations and workarounds
Proton Mail encryption breaks in a few common scenarios. Auto-forwarding rules to non-Proton accounts strip the end-to-end encryption on the forwarded copy. Legacy mail clients that connect through Bridge lose the automatic encryption in the client display.
Search inside Proton Mail runs against the client-side decrypted copy. Server-side search is not possible because the server cannot read the content. On large mailboxes, search performance drops compared to Gmail or Outlook server search.
Common workarounds:
- Disable auto-forwarding on any account that carries PHI
- Use the Proton Mail app rather than a legacy IMAP client
- Set a longer local search index window on the app
- Enable Bridge only for accounts that require it
- Rotate the account password on the standard 60 to 90 day cycle
When to pick a HIPAA alternative to Proton Mail encrypted email
Practices with heavy external patient mail volume often face portal password support tickets. A five-person practice sending 200 encrypted messages per week to 200 unique patients handles 200 password sessions per week.
A zero-step encryption service like Mailhippo removes the portal step. Encrypted messages arrive directly in the recipient normal Gmail or Outlook inbox and open like any other message. The sender picks Mailhippo in the toolbar for messages that need encryption and skips it for messages that do not.
Practices running HIPAA compliant website design already understand the reasonable and appropriate standard. Applying the same standard to email means picking the tool that keeps compliance tight while dropping recipient friction. See also security features for healthcare websites for the parallel web guidance.
For further reference, review NIST SP 800-177 Trustworthy Email and the HIPAA Journal guide to compliant email before finalizing the encrypted mail stack. See encrypted email and send encrypted email for related walkthroughs.
Frequently Asked Questions
Proton Mail generates a key pair on the user device at signup. The public key uploads to Proton servers so other Proton users can encrypt messages to it. The private key stays on the device, encrypted with the account password. Messages between two Proton accounts encrypt automatically end to end. Messages to external recipients require password-based encryption, which sends a portal link that the recipient opens with a shared password. PGP support adds interoperability with other encrypted email systems.
Proton Mail Business Plus and higher include a signed business associate agreement, making them HIPAA-eligible when configured correctly. Free and Plus tiers do not include a BAA and cannot be used for PHI. Practices adopting Proton Mail Business need to accept the BAA in the admin console, enable two-factor authentication on every account, and configure Proton retention to meet the six-year Privacy Rule requirement. Test the patient reply flow before deploying because the portal step often drops adoption compared to zero-step alternatives.
If you use Proton Mail yourself, open the message and click Reply. The reply automatically encrypts to the sender Proton Mail account. If you received the message as a non-Proton recipient through a portal link, log in to the portal with the shared password, click Reply inside the portal, and send. The reply stays encrypted through the portal. If the sender used PGP, you need your own PGP key configured in your mail client to reply securely with the same encryption level.
Gmail encrypts every message in transit with TLS on every Workspace tier. Confidential mode adds link expiry and SMS passcode options. Gmail S/MIME on Enterprise Plus adds certificate-based encryption. Proton Mail encrypts every stored message with end-to-end encryption using keys the user controls. Gmail treats encryption as an optional add-on. Proton Mail treats encryption as the default. Gmail signs a BAA on paid Workspace plans. Proton Mail signs a BAA on Business Plus and higher.
Canary Mail is a third party mail client for iOS, Mac, and Windows that adds S/MIME and PGP encryption on top of any IMAP or Exchange account. Users install Canary Mail, connect their Gmail or Outlook account, and generate keys inside the client. Outbound messages encrypt automatically to any recipient with a public key on file. Canary Mail does not run its own mail server, so the BAA question depends on the underlying mail service. Canary Mail Pro at $49 per year adds encryption features.
Encrypted zip attaches a password-protected archive to a normal email. The sender shares the password through a separate channel. The recipient extracts the archive with the password. Encrypted zip works everywhere and does not require any special mail server or client. The security depends entirely on password strength and out-of-band password sharing. HIPAA compliance uses encrypted zip as a fallback for one-off transfers when the recipient cannot access a proper encrypted email service. Automated services like Mailhippo remove the manual step entirely.
Practices with high external mail volume, low IT staffing, or a mixed recipient base often benefit from a zero-step alternative to Proton Mail. Proton Mail portal delivery requires the recipient to remember a shared password. Zero-step services deliver encrypted messages directly to the recipient normal inbox without the portal step. Mailhippo and similar services fit this pattern. The tradeoff is the sender loses the strong Proton cryptographic guarantees in exchange for simpler recipient handling. Pick based on threat model.








