NMA ZSentry™ provides foolproof regulatory compliance and mobility with no changes. ZSentry works as a service, for instant-on message security in the desktop, cloud and phones.

With ZSentry, your messages are automatically secured with no concern that recipients will have password, technology, or device issues in any platform, while ensuring HIPAA and regulatory protection to send, read, store and reply.

Zmail^™ (ZSentry Mail^™) is the secure Mail function of ZSentry^™ (NMA trademarks since 2001).

ZSentry fits in without changing anyone’s solutions, while making it safe and enjoyable by all. In addition to regulatory compliance and mobility, ZSentry improves functionality, usability, and data loss protection.

• Supported Services: email, webmail, web forms, SMS, IM, file storage, secure vault, delivery confirmation, message life-cycle control, single-sign-on, unified communications, and more.
• No Changes: You receive secure email at your usual Inbox, with nothing routed thorough ZSentry, for an email address that you already have. You use your current software, ISP or webmail provider. ZSentry does not receive email and does not host email addresses for users. There is nothing to download or install, no plugins or add-ons.
• Standard Interfaces: ZSentry uses HTTPS at port 443 and/or SSL/SMTP at port 465 (safer, faster). ZSentry can be used in clients and/or servers. ZSentry is already seamlessly integrated with leading IT solutions such as Google Apps, Outlook, Android, iPhone, iPad, Exchange server, and Postfix. ZSentry is based on things that people already understand.
• Regulatory Compliance: ZSentry Sans Target technology enables instant-on regulatory compliance. Enable HIPAA and HITECH Safe Harbor compliance with or without a Business Associate Agreement.
• Foolproof: Organizations can use ZSentry for secure communication with no concern that users will have password, technology, or device issues in any platform. In case of need, ZSentry includes a 24/7 auditing and self-management system, with remote file access monitoring and password reset.
• Usability & Mobility: ZSentry provides safe encrypt and decrypt with 1-click, secure first-contact and reply without registration, two-factor authentication, anti-spoofing, per-message encryption, return receipt, self-destruct, data loss protection, secure archive and other document-control functionality, in desktop, cloud and mobile platforms.

You can use different methods, and some methods may require setup. However, you send, receive, and save securely with just 1-click. For example, with a Mail or cloud client you just select the 'From' address that uses ZSentry and click Send. That's all! The email will be encrypted according to your account's ZSentry Dashboard settings, which you can personalize. Read more

Your secure message will be sent encrypted to the recipient's email address and will be received as usual. The recipient can click the link (or copy-and-paste) to open it in a secure browser window (no setup) or in a Mail Client (may need setup). The recipient will be authenticated as you (the sender) requested, and can read, reply and save the message as well as any attachments.

To reply, the recipient can click the button  Secure Quick Reply 

That's all! In both cases, the service is provided securely but without burdening the recipient with anything more than a mouse click.

Just like with regular email, there is no password to send to the recipient, no signup, cost, installation, setup, or extra work demands. Recipients can use any desktop, tablet or phone. To see for yourself, click FREE Trial >>

When you use ZSentry, your email stands out and recipients can read it with the effort of a single mouse click, without setup and even without registration (if you allow it). They can also reply securely to you, without cost and setup.

With regular email, Inbox clutter and spam overload are often making people not even open your emails, or be afraid to reply.

To further help overcome first-contact hesitation and confusion, and prevent phishing, ZSentry enables senders to add an interpersonal touch. We created a Znote space, which is a custom plaintext note from the sender, visible without decryption, in the email envelope. The Znote is visible in the email summary that, for example, Gmail provides before reading the actual email.

And, of course, you can write the Znote in the language of the recipient! This is useful to enhance the interpersonal context and help flag spam.

In addition, the Znote is also searchable, so that you can easily add externally-visible keywords to your secure message.

Through ZSentry authentication, people will know that your email is not spam, is actually from you and not something to be suspicious about, such as a phishing attack. ZSentry provides Free Reply choices so that a customer, patient or just website visitors can also send you a Zmail — and you can verify that it is safe to open before you actually do it.

And you can easily verify that your Zmail was read, with a Return Receipt providing full "When, Where, Who, What, How" information. You can control how your information is used, delivered and tracked, by using Expiration Time (self-destruct) and other ZSentry controls.

No. It can be more secure if both do, but it works with just the sender using the service. This means that ZSentry is less intrusive on the receiving party than requiring keys, passwords, software installation, or even a setup. This is very useful when you do not want to bother the receiving party, as in a first contact. You can request a Return Receipt upon reading, and also set the email to self-destruct, to track and protect your information. For more, read How to Use Zmail

Nothing is routed thorough ZSentry when you receive secure email, and the email is received in your regular Inbox. When you send secure email, there are two cases, controlled by the sender:

1. Automatic: (higher usability, requires expiration less or equal to 31 days) The message is encrypted per-recipient and split in three parts. One part is sent to the recipient and the other two parts are controlled and stored in the ZSentry servers. All three parts are needed for reading. The result is that even if an attacker has full access to all the servers, and knows the recipient's Usercode / Password, the ZSentry message still cannot be decrypted.
2. Inline or Attached: the ZSentry message is fully sent encrypted to the recipient, and there's no part with ZSentry.

Simplicity is the key used by ZSentry to get both security and usability.

ZSentry is a distributed middleware platform. It works in-between what you already have, and that's why ZSentry does not change what you have and can use what you have. There is nothing to install either, and setup is optional. ZSentry also includes a 24/7 auditing and self-management system.

With ZSentry, you use what you’ve got. You receive secure email at your usual Inbox, with nothing routed thorough ZSentry, for an email address that you already have. You use your current software, mail clients, clould clients, ISP or webmail provider, and devices. ZSentry does not receive email and does not host email addresses for users. There is nothing to download or install, no plugins or add-ons. There is no need to change your user interface. There is no POP or IMAP server use.

ZSentry does not change your recipients' or anyone else's email or system either. Everyone keeps what they have, no new investments, no training, no change. Organizations and power-users can also use ZSentry to directly interface with office applications such as Word, and server applications using .NET, PHP, and other languages.

The sender controls how long the recipient may view the message. This is controlled technically by self-destruct, and by legally effective copyright expiration. Even if the recipient takes a picture of the message, use after expiration is a copyright violation. Read more

For email continuity, if the recipient uses ZSentry Client (e.g., with Outlook) the message is decrypted in the mail client and can be stored decrypted for viewing at any time. Again, the sender's copyright restrictions apply but this is likely not relevant within the same organization, for example.

NMA ZSentry is a technology and Desktop/Web/Cell hybrid service platform for secure, usable, and seamless exchange of information for email, webmail, SMS, IM and other services. ZSentry provides standards-based identity and secure services with unique benefits including:

• already integrated with Mail and Single Sign On for Gmail, Google Apps, Outlook and other systems;
• does not change email, or how anyone uses email, and yet it makes email better, allaying concerns of impersonation fraud (identity theft), spam and phishing, eavesdropping, and unintended disclosure;
• uniquely allows Mail clients & Cloud apps to send and read secure email with zero added user interfaces (nothing to learn);
• additionally, has an easy-to-use, standards-based SSL user interface for Web browsers;
• enables Encrypt and Decrypt with 1-click in all modes of operation;
• empowers users with unique security and usability advantages of Mail clients over Web browsers in terms of SSL implementation;
• provides seamless Desktop, Web, and Mobile service for on-demand and/or on-site security services including email, webmail, SMS, IM, sales, billing, and archiving;
• uses unforgeable (cryptographic) two-factor authentication and anti-spoofing protection;
• presents a familiar username/password authentication interface that uniquely protects passwords against dictionary attack and does not store passwords or usernames anywhere;
• complies with HIPAA, HITECH, HITECH Safe Harbor, FERPA, FFIEC, GLBA, SOA, U.S. State Security Breach Notification Laws and ISO 17799 regulations;
• no required HIPAA Business Associate Agreement to sign (although a BAA can be signed if desired);
• works with any Web browser and Mail client, including Outlook and Apple Mail;
• integrated with Google Apps and Gmail for sending and receiving secure email directly;
• when sending and receiving secure messages such as email, webmail, SMS, or IM, there is no download, no installation process, no plugins, no digital certificates to buy, publish or send, and no changes at all in client systems;
• less Total Cost of Ownership;
• there are no Java programs or ActiveX controls to trust and update in client systems;
• allows users to send a secure message with a single mouse click on first contact, to anyone, anywhere;
• does not burden recipients with anything more than a single mouse click;
• works with Windows, Mac and Linux.

ZSentry works as a distributed middleware between your existing infrastructure and your existing applications and desktop systems, enhancing functionality, usability, and security without changing the end-points.

Yes. ZSentry is certified by the US Government to provide a HIPAA-compliant EMR (Electronic Medical Records) solution (CHPL Product Number: IG-2482-11-0040), including encryption when exchanging electronic health information (§170.302.v) and providing an electronic copy of health information (§170.304.f).

ZSentry is also certified to satisfy HIPAA requirements in U.S. Federal incentive payment programs with Medicare (up to $44,000) and Medicaid (up to $63,750), where ZSentry works with partners providing qualified solutions for meaningful use of certified EMR. ZSentry can also be used with the U.S. Federal incentive program for Eligible Professionals (EP) who are successful electronic prescribers. The bonus is 2% of the Medicare allowed charges for the year.

The U.S. government also requires providers such as ZSentry to demonstrate the level and extent limits in safeguarding protected health information (PHI), including privacy, security, and integrity. ZSentry provides compliance on a technical level, under HIPAA, HITECH Safe Harbor, and other rules as well, without requiring users to sign a Business Associate Agreement (although a BAA can be signed if desired).

Rather than everyone paying a higher price with the BAA, the ZSentry technology allows us to provide a HIPAA compliant service without the formalities of a BAA and with reduced price, while still offering the BAA to those who want it. This is documented in the ZSentry Compliance Statement.

In these applications, ZSentry provides per-message encryption, de-identification, two-factor authentication, control, data loss protection, secure archive and auditing, protecting information in transit and at rest. ZSentry HIPAA conformance can also be verified by you or anyone else. It's quite straightforward and we are also at your disposal for any questions. Read more

There are well-known and recognized standards for encryption of email, including ITU-T and IETF X.509/PKI with S/MIME, and PGP with or without PGP/MIME encoding. ZSentry was developed after these standards and improves upon them in both usability and security . ZSentry provides per-message encryption, de-identification, two-factor authentication, data loss protection, secure archive, message control, and auditing, protecting information in transit and at rest. ZSentry reduces the trust and control requirements in several critical areas, making it easier to attain and demonstrate a higher level of security while increasing usability, for example:

1. Physical Safeguards: ZSentry enforces per-message, end-to-end encryption for every message, so that data is always protected in transit and at rest. Additionally, ZSentry eliminates (rather than just protects) attack targets, which technology we call Sans Target.
   
   The ZSentry Sans Target technology helps allay staff concerns and reduces risk for everyone, including in the cloud and at the client's end. For example, ZSentry does not store your keys, Password and Usercode anywhere, not even encrypted. As another example, if you use the default ZSentry Automatic Skin, a part of your encrypted message may be stored online but the stored part is Sans Target and does not by itself allow the message to be decrypted.
   
   Access to hardware and software is limited to properly authorized individuals. All hardware is located in the US, and customers can also use ZSentry Director to host and physically control their own ZSentry hardware.
   
   
2. Technical Safeguards: ZSentry uses adaptive security, which can reduce and even eliminate the probability of common attack vectors, and also reduce reliance on the actions of users, or other agents. ZSentry adds password hardening with two-factor authentication to protect your ZSentry Password from someone trying to guess it (see next FAQ item).
   
   To reduce exposure, senders can set an expiration period for their ZSentry message to physically self-destruct. This safeguard includes a forensic control perimeter with an effective combination of technical and legal protection in three areas: infringement of copyright, breach of contract, and circumvention of a technological protection measure, to help prevent and control leaks.
   
   To assure secure, server-certified and CRL-verifiable PKI exchange with third-party servers, both the SSL SMTP and SSL HTTP certificates for zsentry.com are issued by leading Certification Authorities, including Thawte Premium Server CA, and support High-grade Encryption (AES-256 256 bit).
   
   SSL bridge and re-direction attacks are prevented by protocol and also by enforcing an SSL connection for any link which sources protected data (e.g. page or message) or contains links to protected information or for protected information entry, even if the link was initially presented as http:// — i.e., without an SSL request (for example, to allow proper operation with some Mail clients). To allay spoofing concerns, our trademarked name ZSENTRY (used in zsentry.com) was crafted to visually prevent letter or number confusions that could lead users to a false site, such as between the number 1 and the letter l in app1esauce vs. applesauce.
   
   
3. Administrative Safeguards: ZSentry operates within the Safe Harbor provision that is legally enabled by privacy rules such as U.S. State Security Breach Notification Laws, HIPAA and HITECH. With ZSentry there are no fines, no loss of reputation, and no liability to notify users in the breach notice context, as no user identity and data can be compromised (Sans Target, see item #1).
   
   This also makes it simpler to demonstrate compliance levels and extent limits regarding HIPAA and HITECH Safe Harbor, with the important benefit that customers are not required to sign a HIPAA Business Associate Agreement (however, ZSentry can sign a BAA if desired). The same beneficial considerations apply to the Federal Financial Institutions Examination Council (FFIEC), the International Standards Organization (ISO) 17799 norm, and other regulations.
   
   
4. External Safeguards: ZSentry technology was first qualified by the Swedish Government's Ministry of Justice Statskontoret in 2001. ZSentry and secure email ZSentry Mail have been extensively peer reviewed, with continuous use online for secure email since 2004, including millions of secure messages sent and received across many different platforms and thousands of organizations worldwide. All procedures use standard and well-known cryptography functions, with a choice of ZSentry encoding (ZS), PKI or PGP.

Only ZSentry has this comprehensive technology. Because only you have your keys, and it would take a staggeringly long time to have a good chance of guessing them, only you can, for example, access your encrypted email address book and decrypt a Zmail sent to you (see next FAQ item). Read more: ZSentry Compliance Statement

ZSentry has three properties that distinguish it from other security technologies using passwords:

1. Sans Target: Only you have your ZSentry Usercode and Password, they are not stored by us, and we do not know them. There are no password or usercode files that could be targeted anywhere. We call this unique property "Sans Target", and is used by ZSentry also to protect your user-keys and user files. The only attack possible is guessing by trial-and-error, which is made harder by properties #2 and #3 below.
2. Password Hardening With Two-Factor Authentication: ZSentry is not as dependent on password quality for security, as conventional systems are. ZSentry uses password hardening with two-factor authentication to help protect your ZSentry Usercode and Password from someone (even our staff) trying to guess them. You can also use ANSI codes from #32 to #255 (keyboard ALT-number), enabling more than 132 bits of entropy with just 13 ZSentry Password characters (and the Usercode).
3. Asymmetry: Because computers work quickly and can network in parallel, security can also be broken very quickly, for example using dictionary attacks to break passwords. Unlike other technologies, while ZSentry prevents too many unsuccessful attempts at access, it does not need to rely on such prevention (which can be bypassed, technically and socially). Instead, ZSentry introduces a critical asymmetry. Although ZSentry authentication is very quick, trial-and-error guessing would take a prohibitively longer time than with a conventional username/password system even if a user would choose a lame password (found in password dictionaries).

To put these points into perspective, if a dictionary attack would take just one millisecond (1/1,000 of a second) to break a conventional system, the same attack for the same password could require more than two million years to break the ZSentry system. Read more

ZSentry makes it much harder to fool people, sending or receiving email. Received messages can be verified to be authentic, by ZSentry and also independently. For sending, ZSentry Client is spoof-free and provides hands-free Single-Sign-On and Mail after setup. The web service includes spoof prevention. In all cases, the ZSentry Usercode and Password are not online, so users cannot be impersonated even if there is a server breach.

The HIPAA HITECH rules, as well as breach notification laws in more than 45 U.S. states and other countries, provide "safe harbors" for encrypted information. According to HIPAA rules, encryption of protected health information (PHI) data at rest and in motion provides a safe harbor that protects organizations from the costs and losses associated with data breach notifications, and fines that can range from $10,000 to $1.5 million per violation.

ZSentry provides Safe Harbor compliance with HIPAA HITECH and other rules, with no fines and no liability in the breach notice context, as no user identity and data can be compromised. Furthermore, ZSentry provides compliance with or without a Business Associate Agreement. Read more

Conventionally, you cannot. Sending an email necessarily entails copying the message to other systems, which you may not have access to or even know of, potentially archiving the email forever. Senders and recipients may delete email files but, often, files can be easily undeleted or copied from a back-up. Senders and recipients may also get a screenshot of the email and save it. The result is undesired email retention, and an open risk for disclosure.

ZSentry Self-Destruct solves the various facets of this problem. You can actually eliminate the disclosure risk of email, webmail, SMS, IM, and file storage by setting it to self-destruct after the time you want, for example 30 days or even one hour. Read more

The ZSentry differential is not about encryption, as that needs to follow well-known standards such as AES, but about many points missing in other products and that are even more critical than encryption for privacy and security. The ZSentry advantage includes:

Design: simpler and complements rather than replaces existing solutions, operating Sans Target and providing an "all-in-one" seamless approach for anyway mobility.

No Plugins, Already Works: provides SSL/HTTP and SSL/SMTP service interfaces with no installation or plugins for all leading, familiar solutions including Google Apps, Outlook, Android, iPhone, iPad, and Exchange Server.

Foolproof: avoids common problems caused by human error or misuse, while providing two-factor authentication, multi-channel identification, anti-spoofing, data loss protection, secure archive, secure first-contact and quick reply options with no recipient signup required, document life-cycle management with self-destruct, control, delivery and tracking options, automatic key management, and private-key protection.

Sans Target: the ZSentry technology eliminates (rather than just protects) common attack targets. This helps allay staff concerns and reduces risk for everyone, including in the cloud and at the client's end. For example, ZSentry does not store your keys, Password and Usercode anywhere, not even encrypted. As another example, if you use the default ZSentry Automatic Skin, a part of your encrypted message may be stored online but the stored part is Sans Target and does not by itself allow the message to be decrypted.

Use what you’ve got. ZSentry is a distributed middleware security platform that works in-between the end-points, so that there are no changes for anyone. ZSentry functionality is already included in cloud-based, on-premise, and mobile solutions, which can now become regulatory compliant with anyway mobility, as well integrated and improved in new ways.

For example, use with any or all of Android (Samsung, HTC, Motorola), Apple (including Mac, iPhone, iPod, Mail, iPad, iCloud, Safari), BlackBerry (RIM devices, Mobile Fusion), Google (Apps, Gmail, Chrome), Linux (including Apache, Postfix, Dovecot), Microsoft (Windows, Phone 7, Outlook, Outlook Express, Live, Windows Mail, Office, Office 365, Exchange, Internet Explorer), Mozilla (Thunderbird, Firefox), Nokia (S60, Lumia), Yahoo, and other products, for secure mail, webmail, SMS, IM, web forms, Single-Sign-On, file storage, and other applications.

First, privacy and security. And new functions such as Self-Destruct and Secure Vault, allowing users to do more while keeping costs down. ZSentry also provides seamless integration for cloud, desktop, mobile, and web solutions, allowing users to greatly benefit from their integration.

With ZSentry could users can, for example, keep a plaintext copy of their sent emails in local files only, for privacy. They can also mashup with desktop data/services, including Outlook and Excel, which are much easier for corporate setup and dealing with moderate to high mail volume, incoming or outgoing.

ZSentry enables users to securely integrate data from different applications and different sources on the desktop in ways that people can't do so well yet with just cloud solutions, such as in sending secure personalized messages merging each recipient's name and records.

Using ZSentry, this can all be integrated with cloud systems such as Google Apps, Gmail, Microsoft 365, and Yahoo, offering redundancy, higher availability, easy access from anywhere, much lower cost (even free), 24/7 maintenance, and other benefits.

In the current Apple iOS version, iPad and iPhone devices store in keyboard cache files whatever the user types. However, Apple says that the iOS keyboard cache does not store data entered into a password field. All ZSentry services, including ZSentry Mobile and ZSentry App, use password fields to request both the user's ZSentry Usercode and Password, and should not have the user access credentials stored by the iOS.

Typing a secure email using iPad, iPhone, or any another device that has a keyboard cache file, can create a local plaintext copy of the message, even if the application does not store a plaintext copy (in a Sent folder, for example). If those are concerns in your case, we have solutions that may fit your needs; please submit a Support Ticket

ZSentry can help in many ways, even not requiring phone preset.

For example, You can safely keep ZSentry Secure Vault messages in your phone, tablet or any device, where every message is individually encrypted and requires your ZSentry two-factor authentication to read.

ZSentry will also self-destruct any messages using device authentication that expire, reducing everyone's window of exposure. When you use Secure Quick Reply, no copy is left in your device. When the message uses ZSentry Return Receipt, it automatically sends a notice to the sender with Who, Where, When, What and How information from the device upon reading the message.

With preset, ZSentry is compatible with third-party solutions to provide online access to self-service smartphone security functions, which let users reset a device password, lock a device remotely or wipe data from a device if it is lost or stolen. For more information, please submit a Support Ticket

ZSentry is a complement to Microsoft, Google, and other platforms, so that your ZSentry setup can use any or all of them, with redundancy and diversity, and change the mix at any time.

This allows you to easily "route around" and overcome a failure affecting a system or its network. For example, you can use a cell phone to send and receive secure email if your office Internet line is down.

With ZSentry you do not have to choose between desktop, cloud, web, and mobile setups. Read more

From the end user's point of view, after setup, ZSentry Single-Sign-On (SSO) is invisible, just as with an installable Google App. The user is logged in to Google Apps, going about a task, and then decides to send a secure email. The user clicks Compose and sees a drop-down list for the 'From' address. The user selects the 'From' address that uses ZSentry, writes the email, then clicks Send. That's all! The email is sent encrypted, securely, with all the ZSentry options. The SSO operation occurs behind the scenes, in-between clicking Send and the email being actually sent. If the user notices anything, it will be the absence of an intermediate login step.

Behind the scenes, when you click Send in Google Apps, your email is protected by ZSentry using encryption and authentication before transmission (by Google-ZSentry server-to-server authenticated SSL/SMTP), and will be delivered encrypted per-message, end-to-end (by ZSentry). You receive ZSentry secure email at your own Inbox (in Gmail, Google Apps, or in a Mail Client using your Google account), can read & reply securely, and avoid online breach notification liability.

How this works internally at ZSentry? There are well-known and recognized standards for encryption of email, including ITU-T and IETF X.509/PKI with S/MIME, and PGP with or without PGP/MIME encoding. ZSentry was developed after these standards and improves upon them in both usability and security. ZSentry reduces the requirements in four critical areas, as mentioned in this FAQ (see item "Why is ZSentry secure?").

Thus, from the technical viewpoint, standard encryption technology with the unique ZSentry Sans Target method keeps email safe and HITECH Safe Harbor compliant, sending data between parties as regular email without pre-arranged passwords. Even Google can't read or scan it. It doesn't require installation of any software, which promotes usability, and it even adds functionality such as self-destruct, with message level access control. It's also free for patients and personal use. Price starts at $4.99.

This answer is not specific to Gmail and applies also if you send a ZSentry mail to user@yahoo.com or any other address.

They receive ZSentry secure email at their own Inbox (in Gmail, Google Apps, Yahoo, or in a Mail Client). Both you, the sender, and the recipient can choose how they can read it, within your different roles. Suppose the sender chooses 'Automatic Skin', which is the default. The recipient gets a link to see an encrypted copy in the browser, and may also get a link to read the email directly in a Mail client (including Outlook, Apple Mail), where in both cases the recipient can reply securely with the From address that uses ZSentry. Alternatively, the sender can choose a different Skin and send the whole message encrypted, not just a link.

How does Gmail or Yahoo know how to decrypt the message? The link in Gmail or Yahoo connects in SSL to zsentry.com where the request is processed according to the sender's delivery request: for example, recipient must login. Or, recipient's mailbox must be authenticated. In each case, the sender may allow reading only until expiration (self-destructing afterward), request a return receipt with Who, Where, When, What, How information, and request other options such as to send back a secure archive copy that does not expire.

No. ZSentry does not use Postini, any other add-on, or plugin.

This makes it simpler and safer for customers, as Postini for Google Message Protection with Encryption requires a signed HIPAA Business Associate Agreement (ZSentry is in compliance with or without a BAA, see this FAQ), and is not HITECH Safe Harbor compliant. Thus, in addition to the higher cost, the customer is still subject to large fines, breach notification duties, loss of reputation, and can be sued by their users. Furthermore, the Postini security solution uses passwords for security, which is neither usable for the recipient nor secure.

ZSentry is already integrated with Google Single-Sign-On and Mail. The ZSentry for Google solution provides end-to-end security and usability, with no required Business Associate Agreement to sign, and eliminates (rather than just reduces) breach notification duties, operating in the Safe Harbor condition.

Yes. Google Apps, Gmail, MS Office 365 or any email you use, can be HIPAA compliant using ZSentry. There are no add-on, plugins, or changes to the user interface.

For example, ZSentry encrypts all data stored and transmitted via Google Apps, per message and such that Google administrators or anyone breaking into your Google account would never be able to read the PHI. This means HIPAA/HITECH Safe Harbor compliance. You can use Google Apps and Gmail also through Outlook, or use ZSentry directly with Outlook. And patients can use Gmail + ZSentry without cost to send and receive PHI, using Free Reply choices that you can easily provide to them.

However, the answer without using ZSentry is "No". Microsoft does not declare that Office 365 is HIPAA compliant. Google does not certify or identify Gmail or Google Apps as being compliant with HIPAA, while the Postini add-on (optional paid service for Google Apps) offers password-based encryption.

HIPAA requires that all associated service providers who will hold or retain protected health information (PHI) sign a business associate agreement. This means Google Apps, Gmail, and MS Office 365 would need to incorporate a business associate agreement into their service standard terms. However, even with that and add-ons, Google Apps, Gmail, and MS Office 365 are not in the HIPAA/HITECH Safe Harbor. Therefore, medical services providers should not transmit PHI via, or store PHI in, Google Apps, Gmail or MS Office 365 without using ZSentry.

ZSentry works in both environments. For example, you can set an Android phone to use Office 365 through Exchange to receive all email and send regular email, while the ZSentry account sends all secure email (and receives no email).

With ZSentry App, ZSentry always sends encrypted. With ZSentry Client, the behavior depends on the Mail client.

For example, Outlook can lock sending to be done by ZSentry as default, as exclusive option, as defined by the user, or as defined by policy (as a function if Subject or recipient, for example). Exchange Server can do the same, but centralized. Google Apps can also be set to send securely by default, or as selected by the user.

Because that's how it has ever been, for more than a generation. Even just one year ago (2010) secure email was one of those things that you couldn't really explain to people. It was something that senders and recipients had to see in action, something that they both had to experience.

That has all been solved with the launch of ZSentry, which improves, secures, and aggregates user's services on the desktop, phone, and web browser. Without any service changes, users can send, store, and read secure, HIPAA compliant data on multiple platforms, all at once. User services include email, webmail, SMS, IM, file storage, and single-sign-on. ZSentry works with leading solutions including Google Apps, Outlook, and iPad.

You already know how to use ZSentry, all you need to do is one mouse click.There is NO download, NO installation process, NO plugins, NO digital certificates to buy or send, NO changes at all in your system. Zmail ends the encryption / decryption hassle that for more than 15 years has prevented the widespread use of email encryption.

Encrypt with 1-click. You send encrypted Zmail using your own desktop Mail client such as Outlook and Apple Mail, a Cloud app such as Google Apps and Gmail for any email address including Yahoo and Hotmail, or the Zmail app using only your web browser. Easy to send, even on first contact.

Decrypt with 1-click. You receive zmail as a regular email message at your current email address at your desktop, webmail, or mobile device, using your current software and service, including Outlook, Mac Mail, Thunderbird, or web mail services such as Gmail, AOL, and Yahoo.

Zmail is easy to read. This makes it also easy for you to decide sending a secure email, because you know that any recipient can read it securely, without cost or installation, and (if you allow it) even without login or registration. You can send a secure email on first contact, to anyone.

In summary, senders and recipients can easily use ZSentry to improve, secure, and aggregate their current services, without any changes in the user interfaces. ZSentry works with leading solutions including Google Apps, Outlook, Android, iPhone, and iPad. Protected services include email, webmail, SMS, IM, file storage, and single-sign-on. Improvements include complementary ZSentry functions for document control, delivery, tracking, and auditing, such as Self-Destruct, Return Receipt, Secure Vault, Secure SMS, and Certified Delivery.

Because information will out. People are concerned about someone leaking confidential messages, password and keys. People also know that, in spite of best efforts, an online server can be attacked and information copied, in a service provider or even in their own secure server. Organizations also have a legal obligation to prevent privacy breaches, and not just for medical records (HIPAA).

There are other reasons, as well. For example, did you ever need to call to see if your email arrived? Do you think that someone could falsely claim that they did not receive your email, say that they sent it at an earlier time, or say that they received it later than they actually did? Are you concerned about email phishing and identity theft?

Today, those problems are recognized as major sources of fraud losses and concern, posing significant challenges to anyone from individuals to large corporations. Those problems are solved by ZSentry Mail. For more, read Encrypt & Self-destruct

ZSentry has several modules. The workhorse module is Mail, which is used to provide ZSentry Mail (Zmail) services.

Organizations can use Zmail to protect their business information and also to protect their customers from phishing emails; health care organizations and professionals can use Zmail to protect the confidentiality of private and health information in their email exchange; associations can use Zmail to send secure ballots for their members to vote securely without paying postal mail; law firms can send electronic and scanned documents with Zmail to cut down on FedEx costs and time. To track if their email was actually opened, when, where, and how, Zmail users can easily request a return receipt as a condition for the recipient to decrypt their message. Zmail messages can be further controlled, with release date, expiration date, unforgeable digital signature, and other features.

Varied business processes, from lead generation to online sales and requesting payment, can be done securely in 1-click using your existing email solution or web browser, with no plugin or download, and without requiring new investments, by means of "instant-on" ZModules such as, for example, Secure Mail, Secure Forms, and Secure Vault.

No. ZSentry works using technologies already built into your Web browser and Mail client software, on Windows, Mac OSX, or Linux.

ZSentry is compatible with Outlook, Thunderbird, Mac Mail, Eudora, Gmail, Yahoo, AOL, Firefox, Internet Explorer, Safari. There is NO download, NO certificates to install, NO pre-enrollment of recipients, NO password exchange with your recipients.

With nothing to download or learn by your recipients, you can use ZSentry right now to control and protect your email address, your identity online, emails and attachments.

ZSentry provides initial and ongoing support. The customer can use a ZSentry Certified Partner to also provide local and online support & setup services for the organization, and help assure regulatory compliance.

The roll-out process is usually done in two or more phases:

1. Managers: The customer chooses one or two ZSentry Account Managers (ZAM), then their accounts are setup and verified by ZSentry or a partner.
2. Users:The ZAM provides local support or helps users set up the other accounts, with ZSentry or partner support.
3. Waves: The user roll-out can be done in "waves", so that the roll-out load does not become too high for the organization.

Support includes a detailed Support Center, 24/7 self-management tools including password reset and recovery, Support Ticket submission, and phone support. The support interface is integrated with ZSentry App

NMA ZSentry Premium adds regulatory compliance, including HIPAA & HITECH Safe Harbor, mobility, functionality and usability, without changing your current solutions and providers. You can send securely to anyone with an email address, and receive their secure reply on first contact without requiring registration. ZSentry Premium may also be branded and customized. Read more

This is a ZSentry service offered by senders to recipients, providing Free Reply choices. All choices enable free, secure, first-contact messages and reply. Price: No cost.

There is no catch: we offer Free Reply choices to allow the recipients of paid ZSentry Premium messages to read and reply to them without cost, just like postal mail with a SASE (self-addressed, self-stamped envelope), but with higher security.

This service is offered using the ZSentry Basic terms of service, enabling cost-free end-to-end encryption, decryption, and authentication for personal use. To prevent abuse and spam using the free service, ZSentry Basic users can send a limited number of secure email Zmail messages a day. There is no limitation for reading.

Fast! The usual processing time is less than a second. Just as with regular emails, network delays may, however, result in a slower performance at your location.