Choosing a suitable product for secure email is essential, but can also be challenging.
Many products have extensive lists of available features, which, combined with the sometimes unclear certification status of suppliers in the healthcare sector, can cause confusion. When drawing up a shortlist of secure email providers, it is crucial to consider various factors. It is essential to use your own organization’s wishes and priorities as a guide.
At SecuMailer, we stay up to date on developments in secure emailing of confidential information and keep a close eye on our competitors. This allows us to know what is going on in the industry and what is and is not effective. To help you, we have compiled an honest list of the best solutions on the market that are our strongest competitors.
To compile this list, we used information from reliable, independent sources* and the official websites of various suppliers. These sources include Gartner reports, research by AG-Connect in collaboration with Zivver, the Faexit program, Informatieberaad Zorg, and NEN.
The list of top secure email providers was compiled by evaluating the criteria we outlined in our previous blog [link].
Disclaimer: The information in this blog is based on customer reviews, user surveys, and the websites of the sources mentioned*. Careful efforts have been made to avoid the author’s “own opinion.”
1: Zorgmail secure email from Enovation:
Biggest advantage: Extensively used in healthcare, at the lowest price
Technical solution: Zorgmail Secure Email is a messaging solution that allows connected users to exchange messages securely, both unstructured (ad hoc) emails and structured EDIFact messages. Zorgmail users can choose to use a zorgmail.nl address or connect to their own domain name with associated email addresses.
Security: Zorgmail meets the requirements for secure email. However, to reduce the recipient’s authentication, a TAN code has been chosen for the same email address as the notification message. This means that the lock and key are close together.
In addition, Zorgmail users who are unable to provide a self-declaration are excluded from the NTA 7516 security measures. This means that they cannot participate in interoperability and cannot send emails via NTA 7516 security that comply with the Dutch requirements for sending medical information (NTA 7516).
Zorgmail’s decision to serve both groups of users has created a gray area in which a false sense of security can arise.
Ease of use: Exchanging messages between Zorgmail users is safe and easy. Thanks in part to the address book available to users, other connected healthcare professionals are easy to reach. Ease of use remains high, even between healthcare professionals and other NTA 7516 users such as municipalities and the legal sector.
Receiving email messages from non-connected users, such as patients and other professionals, is however considered cumbersome, especially on mobile devices, where it is not a pleasant experience.
From a practical point of view, there is currently no good solution for sending emails from group mailboxes.
In addition, it is striking that users can decide for themselves whether an email is sent via Zorgmail; this is therefore not automatically configured for all outgoing emails from the user or organization. Often, only part of the organization uses Zorgmail, particularly for specific communications where extra attention is paid to the security of medical data.
Integrated into email environment: Zorgmail offers the possibility of integration with the workplace, for example via MS365, and various EPDs thanks to an available plugin. It is important to note that this plugin does not work with mobile phones and cloud workplaces.
Certifications: Enovation is certified for ISO 9001, ISO 27001, ISO 27799, NEN 7510 and was certified for NTA 7516 until May 2022.
Specialization: Enovation is strongly focused on the healthcare sector. This ensures a well-organized and secure exchange within healthcare regions and between hospitals and their ecosystem of primary and secondary care providers. In addition, there are also many integrations between Zorgmail and other digital applications, such as EPDs, HIS, and ZIS, which are widely used by healthcare providers.
Price level: For healthcare institutions, Zorgmail is by far the cheapest option. This makes them the best value for money on the market. It should be noted, however, that there is an alternative revenue model based on Edifact messages, which means that hospitals in particular bear a large part of the costs for general practitioners.
Investors: Enovation Group is wholly owned by private equity firm Main Capital.
2. Zivver:
Main advantage: Extensive functionality, a streamlined environment, and a completely independent platform.
Technical solution: Zivver is a messaging solution that allows connected users to exchange messages securely. Recipients who are not connected are invited to retrieve or view their messages via a guest portal. This portal approach gives the sender a high degree of control over the message. Zivver offers extensive options, such as making a message temporarily available, withdrawing it, multiple authentication methods for the recipient, and the option for the sender to see who has opened the message and whether it has been viewed.
Security: Zivver meets the requirements for secure email. By actively presenting the user with various choices via pop-ups and issuing warnings, the user is guided and supported in choosing the secure settings when composing the secure email. This makes it very clear to the user and the recipient that a secure email is being sent.
Ease of use: Zivver offers many options for active decision support for the user, resulting in a wide range of choices. This ensures that the difference between standard email and secure email is very clear. However, many users find the pop-ups and extra choices somewhat disruptive when composing an email. In addition, the recipient experience for guest users leads to extra interaction, as the emails raise additional questions. In practice, Zivver is often used selectively by the user.
Integrated into email environment: Zivver offers a handy plug-in for MS365 and Gmail, among others, which makes the secure email functionality available within your own email environment. The plug-in does require the right technical IT environment to function properly. Zivver also has integrations with various other applications, including Salesforce.
Certifications: Zivver has various certifications, including SOC2 type 2, ISO 27001, NEN 7510, and Privacy Verified. Until May 2022, Zivver was certified for NTA 7516.
Specialization: Because Zivver offers its users a very comprehensive proprietary platform, the product is highly suitable for immediate use in mature and immature IT environments. However, this may sometimes require additional effort to ensure a good fit with highly professional IT environments and large organizations. A careful approach, including extensive proof of concept (POC), is therefore recommended. Zivver is widely used in sectors such as business services, healthcare, government, and education. Zivver is currently focusing strongly on the UK and the US as growth markets.
Price level: Zivver offers the option of very small subscriptions, which is advantageous for smaller healthcare providers and SMEs. In addition, Zivver uses a pricing structure in which adding to the basic functionality quickly leads to an increase in the subscription price.
Investors: Zivver has completed several rounds of financing, with parties such as HenQ, DN Capital, and SmartFin involved.
3. Bastion 365:
Main advantage: Very easy to use for MS365 users thanks to seamless integration; suitable for cloud workplaces.
Technical solution: Bastion365 originated from a digital fax solution called Fenestrae and was developed entirely on Microsoft and MS365. Sending emails between addresses that use MS365 is seamless and secure. For users outside MS365, Bastion365 offers a portal solution.
Security: Bastion365 meets the requirements for secure email and integrates well with MS365’s DLP (Purview) and security policy capabilities. This makes it easy to choose a good setup that securely regulates the GDPR and the exchange of medical data via email.
Ease of use: As long as users send emails to other (business) users who also use MS365, the user experience is excellent. All support runs in the background and is available without the need for a plug-in. The recipient’s experience depends heavily on their use of MS365.
Visibility: Because Bastion365 relies heavily on integration with Microsoft, visibility for the user is low. This ensures a seamless email experience that is virtually identical to regular email. This makes it easy to always have it “on,” and the user needs to be less aware of information security and the associated choices.
Integrated into email environment: Fully compatible with MS365, as well as the cloud workplace and mobile phones.
Certifications: Bastion is certified for: ISO 27001; BIO. Until May 2022, Bastion 365 was certified for NTA 7516.
Specialization: Aimed at B2B users who mainly send secure emails to other Microsoft users. They focus specifically on the healthcare, government, and legal services sectors.
Price level: Average
Investors: Fenestrae has been acquired by an American partner, Dura.
Choosing the right secure email product for your organization:
The qualities and product features, prices, and certifications of the best-known secure email solutions in the Netherlands are described above.
Not sure which supplier is best for you? Take another look at our blog: selecting a secure email product for tips.[link]
If you are looking for a secure email solution in healthcare at the lowest price, Zorgmail from Enovation is definitely a good choice.
Are you looking for a product with extensive options, comprehensive support, and advisory functions? Then Zivver offers a secure product that is well suited to both the healthcare sector and (local) government organizations.
Do you and your employees mainly work with MS365? Then Bastion 365 offers the best user experience.
However, if you often share confidential information with private individuals, such as patients with sensitive information, citizens, and customers, none of these products are a good solution. A more suitable option would be to explore the possibilities of SecuMailer for emailing private individuals on our website.
Even if your employees are specialists in their field but have little affinity with information security, it is not a wise choice to replace the familiar email experience with a solution that leaves many choices up to the user. This is because they will then experience secure emailing as a lot of hassle. In addition, freedom of choice also offers the possibility of ignoring secure emails, which leads to data leaks, because people do sometimes make mistakes.
SecuMailer is Secure Emailing 3.0
SecuMailer’s Secure Email 3.0 approach focuses on seamless, organization-wide security. It no longer relies on awareness, but aims for “security by default.” Senders no longer have to make choices and don’t have to worry about the secure transmission of their emails. Security is managed centrally within the organization by specialists, such as privacy officers or IT administrators. This allows users to continue to focus on their work. Recipients no longer need to identify themselves for each message, unless the sending organization sets different rules. Emails arrive in the inbox, where the recipient expects them. Thanks to seamless integration with cloud workplaces, it doesn’t matter which device or email client is used to send emails. Human error is eliminated by default settings from the organization rather than awareness. This means that the sender can never accidentally send an email insecurely.
Read our blog [link] if you want to know more about the differences between the 1st, 2nd, and 3rd generations of secure email.
Emailing private individuals
Does your organization regularly send emails to citizens, patients, and private individuals? If so, it is important that the recipient of the secure email can easily receive the emails. Preferably directly in their inbox, so that the emails are always available where you expect them to be: on your phone, in your mailbox on your computer, everywhere at your fingertips, whenever you need them.
Of course, you want to be sure that the recipient is the right person, which is why the recipient must authenticate themselves via SMS message up to four times a year.
Automated emails via API link
Does your organization send large volumes of automated emails containing the recipient’s private data? For example, insurance policies, invitations to medical appointments, or do you want to inform a whole group of citizens in your municipality about an upcoming change?
Then it is good to know that SecuMailer is suitable for sending NTA 7516-secured emails directly to private individuals, linked to your information systems (EPD, case management system, mailers). These systems combine the automated emails with your recipients’ data.
In control of information security
Do you want your organization to be in control of information security and leave this choice to the IT security specialists? Then don’t ask your employees to make all kinds of considerations when sending emails. Research by Gartner shows that 74% of employees do not prioritize cybersecurity when making decisions. This makes them unsuitable for deciding whether or not to send secure emails. That is why it is wise to choose a third-generation secure email product, which allows employees to simply do their work while the secure email solution takes care of security.
Data minimization
Finally, it is important to consider whether you want to store a third copy of confidential emails for a longer period of time. The above-mentioned portal solutions all opt for data concentration, while the GDPR legislation requires data minimization. Would you like to know how we approach this differently? Click here to download SecuMailer’s white paper on data minimization.
Full integration with cloud workplaces
Because SecuMailer works entirely without plug-ins, integration with all cloud workplaces is completely seamless. Whether you work from your phone, iPad, at the office in the cloud, or from home on your business account, you can always send secure emails without having to make any additional choices. SecuMailer is always running in the background. Read more about the plug-in-free setup here [link].
If you would like to know more about our service, the steps required for implementation, or would like a quote, please contact our experts.
