At this point, it shouldn’t come as a surprise that most of the big tech companies don’t exactly value your privacy. Facebook is still working to fix the damage caused by the Cambridge Analytica breach, where Cambridge Analytica stole the personal information of 70 million Americans and used it for political purposes. Both AOL and Yahoo have been caught actively selling access to your data to advertisers. Google’s Director of Security for Google Cloud claims that Google will read your Gmail messages in “specific cases where you ask us to and give consent, or where we need to for security purposes”. Unofficially, they’ll read email for much more than that, including AI training and yet more personalization of ads.
That last example bothers us at Keyqo the most. Every one of us here has a Gmail account, and we use it for quite a bit: personal conversations, account notifications, and all the rest. We consider that private information and don’t want any random developer looking through our personal lives. That holds doubly true for our work emails, and we imagine you, as a healthcare professional, feel the same way.
Best Secure Email Providers for Physicians in 2019
So what’s to do? Has someone created an email provider that actually respects user privacy? One that no one besides the owner of an account can ever access? Surprisingly, yes! Quite a few exist. We’ve done a comprehensive review, including jurisdiction of the company, security standards, privacy preservation, and ease of use. As a result, we’ve found the best secure email providers for physicians in 2019.
Disclaimer: Keyqo Security does not have any business or financial relationship with any of the secure email providers listed below. Individual employees of Keyqo may use these providers for personal use only. Further, this is meant to be a high-level overview, not a comprehensive security audit. We’ll be happy to produce custom analyses for any email provider you would like; please contact us for details.
We really can’t make an article like this without including the king of the industry, ProtonMail. Founded by physicists from CERN, ProtonMail is a Switzerland-based secure email provider focused on security and usability.
- End-to-end encryption – This means that any email you send is encrypted on your personal computer or phone (the “client”), well before it reaches ProtonMail servers. The private keys for this encryption are stored on your personal device. Since ProtonMail uses industry-leading open-source cryptography algorithms like AES, it is mathematically impossible for ProtonMail or anyone else to read your private emails.
- Minimal user info retained – If you wish to stay completely anonymous, ProtonMail offers free accounts with next-to-no user-supplied information required. Even if you use a paid plan, you can give fake information and pay with anonymous methods like Bitcoin to keep your identity private. Further, ProtonMail does not log your activity, only keeping a timestamp of when you last logged in for security reporting (so you can verify the last person to log in was actually you).
- Based in Switzerland – Switzerland has some of the most privacy-respecting legal frameworks in the world. As a fundamentally neutral country, Switzerland has shown no interest in abiding by US or EU requests for information. Only a court order from the state/Cantonal or federal Supreme Court can compel ProtonMail to provide information to anyone inside or outside of Switzerland. But since we already know that ProtonMail collects very little user information from you by default, ProtonMail can mostly give your last login timestamp and whatever information you’ve provided when registering.
- Easy integration with Outlook – ProtonMail has a small plugin that you can add to Outlook and other email clients. This plugin is necessary to use some of the security protections ProtonMail offers, and the download link is available to you when you log in to your account. Beyond that, integrating ProtonMail into Outlook works the same as Gmail or any other email account.
- It “just works” – In terms of usability, ProtonMail works just like Gmail. I (Mark) actually prefer it a bit more; most settings are much more intuitive to find and customize. I’ve never experienced any issues with people not being able to send emails to me, or any other areas of concern. I do notice that some newsletters I’ve subscribed to don’t come through as often, but it’s a stretch for that to be a bad thing in my mind. Less distraction is not a bad thing!
- Expensive – Like most companies on this list, ProtonMail is not ad-supported. They support themselves by offering paid plans with more features. In our opinion, the most useful plan is the Plus, which offers email filters, auto-reply, and custom domains. This runs $54 a year. Business users would probably want the Professional plan, which offers support for up to 5,000 users and priority support. That runs $85 per year per user.
- History of being attacked/service outages – This is mostly a historical concern. Several years ago, ProtonMail was known as the preferred email provider of journalists and political dissidents. Some governments and hacker groups didn’t like that, so they launched distributed denial-of-service attacks on ProtonMail servers, taking them offline. ProtonMail has since upgraded their infrastructure and security to protect themselves. In our multi-month test period, we never experienced any outages.
Another extremely well-regarded name in the space, Tutanota is a German secure email provider offering many of the same features as ProtonMail. While cheaper, Tutanota does come with some compatibility issues that can make an email migration difficult.
- Open-source – Fundamentally, IT security professionals prefer open-source programs over closed-source programs. “Open-source” means that the source code for the product is freely available. Many people have reviewed the source code of Tutanota for security holes, and when holes are found, they get fixed very quickly. Hence, we can assume there is less risk of an attack on Tutanota than on closed-source email providers. Source code is available here.
- Low-cost – Like ProtonMail, Tutanota prefers to offer paid plans over serving ads. A Premium plan is analogous to the ProtonMail Plus plan. It doesn’t offer a custom domain, but only costs $14 annually. A basic business plan is also $14 per user annually. If you don’t need the advanced features that ProtonMail would offer, Tutanota makes a good second choice.
- Encryption works to non-Tutanota users – If you’re a Tutanota user and want to send an encrypted email to a non-Tutanota address, you can still encrypt it. Tutanota will create a temporary email account, then send the other person a link to your message. The other person will have to log in to that temporary account to read what you sent. Not quite as seamless as ProtonMail, but more secure.
- Based in Germany – Germany does abide by EU privacy regulations like GDPR. Further, the right to privacy is enshrined in the German constitution and in laws like the Bundesdatenschutzgesetz (Federal Data Protection Act). However, as a member of the EU, Germany often has to comply with court orders to disclose user data. Tutanota does appear to have access to more sensitive data than ProtonMail, including a given email’s sender, recipient, and date, as well as IP addresses used to access your account. More information can be found here. While we don’t fault Tutanota for this, it’s a risk we don’t need to worry about with Swiss secure email providers.
- Difficulty with compatibility – Tutanota doesn’t use standard email protocols like SMTP, IMAP, or POP, or protection mechanisms like S/MIME or PGP. Rather, they use custom secure protocols to exchange messages. This offers more security benefits than your standard email provider, such as encryption of the subject line and perfect forward secrecy (essentially stating that a compromise of the email server wouldn’t leak your credentials going forward). However, it means that you won’t easily be able to check your emails with Outlook or Thunderbird. Further, it means you can’t import any of your old emails into your Tutanota account.
Rounding out our list is a newer name to us, CounterMail. CounterMail is a Swedish secure email provider with nearly a decade of experience in the space and some very novel security and privacy protections.
- Novel security – CounterMail has some pretty nice security protections that I don’t believe many other secure email providers offer. First, their web servers have no hard drives. They work using live CDs, which means there are no hard drives for authorities to seize and decrypt. Since it’s the only way to access the company’s mail servers, we can be assured that no information about us will ever be saved. Further, they offer a USB token for multi-factor authentication, which acts as a second “password” to secure your account. They use a special protocol with layered cryptography (RSA and AES-CBC underneath SSL) to protect against man-in-the-middle attacks, meaning that no one can intercept your messages while they’re being sent.
- Based in Sweden – In my opinion, Sweden is between Switzerland and Germany on privacy laws, better than Germany but not as good as Switzerland. However, combined with the security practices and tools we just discussed, I am less concerned about legal issues here than I am with Tutanota.
- The user interface is ugly – This one is obviously a matter of preference, but I think the user interface is hideous. It’s clear that their spending is on security rather than front-end design. Take a look at their site and see if it works for you.
- Cost – There are only two plans offered by CounterMail, free and Premium. Premium costs $49 annually, making it the second most expensive provider on our list.
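The end-to-end model described in the ProtonMail bullet above (encrypt on the client, private key never leaves the device) and the RSA-plus-AES layering mentioned for CounterMail share one basic shape, which the following Go program illustrates. This is an added example written for this article, not code from ProtonMail, CounterMail, or Tutanota; the `Server` type, the `Envelope` layout, and the sample message are constructed for the illustration, and real providers use OpenPGP or their own protocols rather than exactly this scheme. It uses only Go’s standard library: a fresh AES-256-GCM key seals the body, RSA-OAEP wraps that key to the recipient’s public key, and the server stores only the resulting envelope.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the only thing the provider's server ever stores or relays:
// a per-message key wrapped to the recipient's public key, plus the sealed body.
type Envelope struct {
	WrappedKey []byte // 256-bit AES key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-GCM output with the authentication tag appended
}

// newGCM builds an AES-GCM AEAD from a raw key; shared by Seal and Open.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the sender's device. Only the recipient's public key is needed,
// so the server never handles the message key or the plaintext.
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open runs on the recipient's device, the only place the private key exists.
// GCM's tag check makes any modification of the stored envelope fail here.
func Open(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Server stands in for the provider (hypothetical, constructed for this example):
// it stores envelopes and can inspect every byte, but holds no private key.
type Server struct{ mailbox []*Envelope }

func (s *Server) Deliver(env *Envelope) { s.mailbox = append(s.mailbox, env) }

// Exposes reports whether a plaintext fragment appears anywhere in what the
// server stores; under end-to-end encryption this must be false.
func (s *Server) Exposes(fragment []byte) bool {
	for _, env := range s.mailbox {
		if bytes.Contains(env.Ciphertext, fragment) || bytes.Contains(env.WrappedKey, fragment) {
			return true
		}
	}
	return false
}

// Demo walks one constructed message through sender -> server -> recipient and
// returns what the recipient read, whether the server could see the plaintext,
// and whether a server-side bit flip of the stored body was detected.
func Demo() (string, bool, bool, error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048) // generated and kept on the recipient's device
	if err != nil {
		return "", false, false, err
	}
	const msg = "Patient follow-up: labs are normal, see you in 6 months." // constructed sample
	env, err := Seal(&recipient.PublicKey, []byte(msg))
	if err != nil {
		return "", false, false, err
	}
	srv := &Server{}
	srv.Deliver(env)
	serverSawPlaintext := srv.Exposes([]byte("Patient"))

	plain, err := Open(recipient, env)
	if err != nil {
		return "", serverSawPlaintext, false, err
	}

	// A compromised or coerced server alters one byte of the stored body;
	// the recipient's GCM tag check must reject it.
	tampered := *env
	tampered.Ciphertext = append([]byte(nil), env.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, tamperErr := Open(recipient, &tampered)
	return string(plain), serverSawPlaintext, tamperErr != nil, nil
}

func main() {
	received, saw, caught, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("recipient read: %q\nserver saw plaintext: %v\ntampering detected: %v\n", received, saw, caught)
}
```

The point the program makes is the one the reviews rely on: as long as the private key is generated and kept on the recipient’s device, a provider that only stores envelopes can neither read the body nor silently alter it, whatever jurisdiction its servers sit in. What it cannot hide is the metadata outside the envelope (sender, recipient, timestamps), which is exactly the data the Tutanota section notes a provider may still hold.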
Fundamentally, Keyqo Security believes the most secure email providers for physicians in 2019 are ProtonMail, Tutanota, and CounterMail. If cost is a primary motivator for you, we’d recommend Tutanota. When privacy is your biggest concern and you need the absolute best in security measures, CounterMail is a safe bet. If you want something that “just works” while still respecting your privacy, go with ProtonMail.
Want to learn more about one of these secure email providers for physicians? Interested in switching email providers and want a partner experienced in email migrations? We’re happy to assist, so get in touch!