S/MIME Certificates Unlock Confident, Secure Email in Healthcare

December 31, 2025 • Lucy Buecking

Have you ever received an email with a certificate icon similar to this?

That icon indicates that you have received a digitally signed email from an authenticated sender, and that the email itself is non-repudiable. When a digitally signed email arrives in your inbox, it means your inbox has received and trusted the sender’s public S/MIME certificate, and that the email was signed using that certificate prior to delivery. This digital handshake between your inbox and the sender’s communication serves as a strong assurance of trust and integrity in email communications, enabled by S/MIME technology.

To inspect the digital signature details further, click on the icon. A new window will pop up and show the validity of the digital signature, the subject of the email the certificate is applied to, the identity owning the mailbox, and the email address associated with the mailbox that the email is coming from:

[Image: "Digital Signature: Valid" dialog box]

While there are different levels of assurance that an S/MIME certificate may provide, it is a tool that can enhance the security of protected data within an environment with a public key infrastructure (PKI). Organizations that must secure protected data sent via email include healthcare facilities governed by HIPAA. These facilities have network infrastructure and administration for their email service and may manage the devices on which digital certificates are distributed and maintained.

How S/MIME Certificates Work

The healthcare facility system administrator would use a mobile device management (MDM) solution like Intune to manage company laptops and phones where S/MIME certificates can be leveraged by the email inbox owner, i.e. the end user. An end user can apply for an S/MIME certificate from IdenTrust by providing proof of identity and organizational affiliation for the targeted S/MIME certificate. Once approved, the end user retrieves their S/MIME certificate, and the system administrator manages the distribution of the certificate into their central certificate store.

From the central certificate store, the system administrator may apply the same S/MIME certificate to another managed device on which the same email inbox is accessible. This allows the end user to send digitally signed email from their issued and managed work devices.

Senders may digitally sign email, which has its own level of assurance. The certificate may be manually reviewed and vetted by the recipient if the certificate is not yet trusted in the recipient's certificate store. For a recipient to trust the sender’s email signed and encrypted with an S/MIME certificate, the sender must request the S/MIME certificate of the recipient. This is so that the sender may encrypt the email communication with the recipient’s public key.

Once the sender encrypts the email message with the recipient’s public key, the message is secured for delivery. The recipient decrypts the sender’s email message using the recipient's own private key, which corresponds to the public key in the recipient's certificate. Then, the recipient has access to the contents of the encrypted email communication.
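The sign, encrypt, decrypt and verify exchange described above can be reproduced with the OpenSSL command line. This is an added example, not code from the original article or from IdenTrust; it assumes `openssl` is installed, and the file names, addresses, message and throwaway self-signed certificates (standing in for CA-issued S/MIME certificates) are constructed.

```shell
#!/bin/sh
# Added example: S/MIME sign -> encrypt -> decrypt -> verify with the OpenSSL CLI.
# Names, addresses and the message are constructed; throwaway self-signed
# certificates stand in for CA-issued S/MIME certificates (an assumption).

make_cert() {  # $1 = file prefix, $2 = constructed e-mail address
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

smime_roundtrip() {
  work=$(mktemp -d) || return 1
  (
    cd "$work" || exit 1
    make_cert sender sender@clinic.example || exit 1
    make_cert recipient recipient@lab.example || exit 1
    make_cert outsider outsider@other.example || exit 1
    printf 'Constructed test message, no real PHI.\n' > msg.txt

    # 1. The sender signs with the sender's own private key.
    openssl smime -sign -text -in msg.txt -signer sender.crt \
      -inkey sender.key -out signed.eml 2>/dev/null || exit 1
    # 2. The sender encrypts the signed message to the recipient's
    #    certificate, i.e. to the recipient's public key.
    openssl smime -encrypt -aes256 -in signed.eml -out encrypted.eml \
      recipient.crt || exit 1
    # 3. A party holding a different key pair must fail to decrypt.
    if openssl smime -decrypt -in encrypted.eml -recip outsider.crt \
         -inkey outsider.key -out leak.eml 2>/dev/null; then
      exit 2
    fi
    # 4. The recipient decrypts with the recipient's own private key.
    openssl smime -decrypt -in encrypted.eml -recip recipient.crt \
      -inkey recipient.key -out decrypted.eml || exit 1
    # 5. The recipient verifies the signature against the sender
    #    certificate it has chosen to trust.
    openssl smime -verify -text -in decrypted.eml -CAfile sender.crt \
      -out verified.txt 2>/dev/null || exit 1
    tr -d '\r' < verified.txt   # S/MIME canonicalises line endings to CRLF
  )
  status=$?
  rm -rf "$work"
  return $status
}
```

Calling `smime_roundtrip` prints the recovered message; it returns 2 if the outsider key was able to decrypt and 1 if any other step failed.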

Why Is S/MIME Important for Healthcare?

Healthcare facilities are especially attractive targets for attackers. They are high-value stores of sensitive information: Personal Health Information (PHI) that is regulated by HIPAA rules for patient privacy. When PHI is transmitted to a known individual from a known individual, it is much easier to regulate whether the recipient and sender are allowed to share this PHI, for 2 big reasons:

  1. Ownership of each email inbox is vetted
  2. The contents of the message are secured so that an unintended recipient of the encrypted message must also have the recipient’s private key to decode the message and access the private information

These are reasons why HIPAA requirements mandate the use of digital certificates when sending email messages in their firewalled environment, so that the health care institutions effectively safeguard patient privacy.

For more information about S/MIME Certificates, check out our data sheet.

Purchase S/MIME certificates here to start securing your healthcare emails today.