Is Plesk mail server HIPAA compliant?
HIPAA compliance for email requires not only encrypted connections for sending and receiving messages, but also encryption of the content of the mail messages.
The connections to and from the mail server can be secured using an SSL certificate as described in the articles:
- How to secure mail server with Let's Encrypt certificate
- How to secure mail service with a purchased SSL certificate?
Also, webmail can be secured on a per-domain basis as described in the articles:
- How to install SSL certificate on webmail in Plesk Onyx?
- How to secure webmail using Let's Encrypt in Plesk Onyx
- How to secure webmail with SSL certificate in Plesk 12.x?
Also, the security of the mail server can be tightened using the CLI utility pci_compliance_resolver: PCI DSS Compliance
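To check the transport-encryption side on a server that uses Postfix, the following added example (not Plesk's own code) audits the output of `postconf -n`. The sample settings and the placeholder certificate path are constructed, and treating TLS 1.1 and older as weak is this example's assumption.

```python
import re

# Oldest to newest; the first four are treated as weak (assumed policy for this example).
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
WEAK = set(ORDER[:4])

def parse_postconf(text):
    """Parse `postconf -n` style 'name = value' lines into a dict."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")  # split at the first '=' only
        if sep:
            settings[name.strip()] = value.strip()
    return settings

def enabled_protocols(value):
    """Resolve a Postfix protocol list ('!SSLv3', 'TLSv1.2', '>=TLSv1.2') to enabled versions."""
    tokens = [t for t in re.split(r"[,\s:]+", value) if t]
    include = [t for t in tokens if t in ORDER]
    exclude = {t[1:] for t in tokens if t.startswith("!")}
    floor = [t[2:] for t in tokens if t.startswith(">=") and t[2:] in ORDER]
    allowed = include or list(ORDER)  # explicit inclusions replace the full set
    if floor:
        allowed = [p for p in allowed if ORDER.index(p) >= ORDER.index(floor[0])]
    return [p for p in allowed if p not in exclude]

def audit_transport_tls(settings):
    """Return findings about SMTP transport encryption only (not message content)."""
    findings = []
    level = settings.get("smtpd_tls_security_level", "")
    legacy = settings.get("smtpd_use_tls", "no") == "yes"
    if level not in ("may", "encrypt") and not (level == "" and legacy):
        findings.append("inbound: STARTTLS not enabled by smtpd_tls_security_level")
    if not (settings.get("smtpd_tls_cert_file") or settings.get("smtpd_tls_chain_files")):
        findings.append("inbound: no server certificate configured")
    if settings.get("smtp_tls_security_level", "") in ("", "none"):
        findings.append("outbound: smtp_tls_security_level unset or none")
    # Opportunistic TLS ('may') is governed by smtpd_tls_protocols, mandatory TLS by the other.
    param = "smtpd_tls_mandatory_protocols" if level == "encrypt" else "smtpd_tls_protocols"
    protos = settings.get(param)
    weak = [p for p in enabled_protocols(protos or "") if p in WEAK]
    if protos is None:
        findings.append(param + " not set: the Postfix version default applies")
    elif weak:
        findings.append("weak protocols enabled by " + param + ": " + ", ".join(weak))
    return findings

# Constructed samples, not taken from a real server.
SAMPLE_WEAK = "smtpd_tls_security_level = may\nsmtpd_tls_cert_file = /path/to/cert.pem\nsmtpd_tls_protocols = !SSLv2, !SSLv3\n"
SAMPLE_HARDENED = SAMPLE_WEAK.replace("!SSLv3", "!SSLv3, !TLSv1, !TLSv1.1") + "smtp_tls_security_level = may\n"
```

An empty findings list covers only the SMTP connection settings; it says nothing about encryption of the message content itself.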
As for encrypting the content of the mail messages, such functionality is not officially supported by Plesk.
Please take part in our product improvement by referring to the following link: https://plesk.uservoice.com/forums/184549-feature-suggestions
The top-ranked suggestions are likely to be included in the next versions of Plesk.
Message encryption can be configured in Postfix or Qmail at your own risk using third-party solutions (for example, those listed at http://www.postfix.org/addon.html), but be advised that such a configuration will not be supported by Plesk.