Twilio SendGrid does not natively support HIPAA compliant data transmission. We do not offer any encryption or security measures surrounding message transmission beyond those included in the Simple Main Transfer Protocol (SMTP) RFC specification, which was not designed with HIPAA compliance in mind.
From our Terms of Service:
Twilio SendGrid does not intend uses of the Service to create obligations under The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Gramm-Leach-Bliley Act (“GLBA”) or similar laws and makes no representations that the Service satisfies the requirements of such laws. If You are (or become) a Covered Entity or Business Associate (as defined in HIPAA) or a Financial Institution (as defined in GLBA), You agree not to use the Service for any purpose or in any manner involving Protected Health Information (as defined in HIPAA) or Nonpublic Personal Information (as defined in GLBA).
Twilio SendGrid recommends users who transmit sensitive data adhere to the following best practices:
- Encrypt the message body of your emails on your end.
- Offer a secure download link for sensitive documents, rather than transmitting them directly via email.