Fig. 01 · HIPAA Workspace

Mail, files, docs, and chat for ePHI workflows.

IRONKEEP gives healthcare teams and business associates one protected place to work, control access, retain records, and prepare evidence.

Healthcare access

Scope your HIPAA workspace.

Discuss ePHI workflows, BAA needs, retention requirements, and deployment fit.

Request healthcare access →
  • BAA scoping
  • Retention review
  • No sales call required

Product 01

MAIL

Email, calendar, and contacts for healthcare teams.

Secure healthcare email

Send and receive protected email for ePHI, internal operations, vendor coordination, and patient-adjacent workflows.

Threat checks before delivery

Messages, links, and attachments are screened before they reach an inbox.

Bring your domain

Move over with guided domain setup, mailbox import, and familiar email workflows.

More MAIL features

Calendar and contacts

Schedule meetings, manage contacts, and keep healthcare collaboration inside the same protected boundary.

HIPAA handling labels

ePHI, internal, vendor, and administrative markings stay visible to users and compliance teams.

Team mailbox controls

Route, filter, and manage shared mail without sending regulated work outside IRONKEEP.

Product 02

DRIVE

Files, docs, sharing, and version history.

Protected files and docs

Store policies, intake documents, spreadsheets, exports, and operational files that may contain ePHI inside the IRONKEEP boundary.

Easy to organize

Use folders, labels, previews, and search to keep healthcare work easy to find.

Controlled sharing

Share files with the right people using clear view, comment, and edit access.

More DRIVE features

Version history

Restore earlier versions when a file changes or gets overwritten.

Upload scanning

Scan uploads for malware before risky files enter shared work.

Product 03

DOCS

Documents and spreadsheets with real-time collaboration.

Real-time co-editing

Work on policies, procedures, reports, and internal documents together in real time.

Document editor

Create and edit rich text documents without leaving the IRONKEEP suite.

Spreadsheet editor

Build and edit spreadsheets with formulas, tables, and shared data.

More DOCS features

Presentation editor

Create and present slides, with import and export for standard formats.

Version history

See earlier versions of any document and restore them when needed.

Comments and suggestions

Leave inline comments, suggest edits, and resolve feedback without switching tools.

Product 04

CHAT

Team chat that stays inside the HIPAA workspace.

Channels and DMs

Keep operational conversations, private channels, and direct messages in scope.

Threads and mentions

Discuss decisions clearly with threads, mentions, edits, and unread state.

Secure attachments

Share files in chat without sending work outside the suite.

More CHAT features

Searchable conversations

Find the channels, threads, and messages you are allowed to see.

Notifications that fit work

Use mentions, unread state, and digests to keep conversations moving.

Inside one suite

No separate chat vendor, identity setup, or compliance evidence workflow to manage.

Status · June 2026

Honest about where we are.

HIPAA support
IRONKEEP supports secure collaboration workflows for organizations that handle ePHI, with a BAA signed during onboarding where required.
Evidence tools
Admin controls, audit logs, legal holds, retention settings, and scoped exports are part of the product workflow.
Roadmap
HITRUST certification work is in progress, alongside FedRAMP Moderate authorization under the FedRAMP 20x program.

Fig. 02 · Security stack

Encrypted, isolated, and closed to our own operators.

01 Encrypt

Your mail, files, docs, chat, calendar, and contacts stay protected at every layer.

Layer 01

Data at rest

Your organization's data is encrypted with keys scoped to your account.

Layer 02

Sensitive fields

Subjects, addresses, names, and events are encrypted before storage.

Layer 03

Device cache

Local browser state stays protected behind a user PIN.

02 Separate

Each organization stays separate across access, storage, encryption, and identity.

  1. Check 01

    Access

    Every request is limited to the caller's organization.

  2. Check 02

    Storage

    Files and stored content stay tied to your organization.

  3. Check 03

    Keys

    One organization's keys cannot unlock another organization's data.

  4. Check 04

    Identity

    Organization access comes from IRONKEEP identity or your trusted identity provider.

03 Control

Zero operator access to tenant content.

IRONKEEP staff can manage organization records, tenant metadata, console-only accounts, and infrastructure. They cannot create product users, read decrypted tenant content, run tenant decrypt operations, or generate tenant search tokens.

Implementation path

From HIPAA scope to a cleaner workflow.

  1. 01

    Scope ePHI workflows.

    Decide which teams, mailboxes, folders, docs, and chat channels may contain ePHI.

  2. 02

    Import email and files.

    Bring your domain, mailboxes, calendars, contacts, and protected work into IRONKEEP.

  3. 03

    Set controls and evidence.

    Use identity, audit logs, retention settings, legal holds, and exports to support your compliance workflow.

Who it's for

Built for healthcare-adjacent teams handling sensitive work.

Covered entities coordinating outside the EHR.

A clinic, provider group, or health plan needs secure email, files, docs, and chat for work that may contain ePHI.

Business associates with shared evidence needs.

A billing, analytics, consulting, IT, or operations vendor needs BAA-scoped collaboration without scattering records across consumer tools.

Healthcare teams cleaning up tool sprawl.

Email in one place, files in another, chat somewhere else. IRONKEEP brings the workflow into one governed suite.

FAQ

Common HIPAA questions.

Is IRONKEEP a complete HIPAA compliance program?

No. Your organization owns HIPAA compliance, policies, training, risk analysis, record schedules, and legal review. IRONKEEP provides secure collaboration, access control, audit, retention, legal hold, and export tooling to support those workflows.

Do we need a BAA?

Yes. If IRONKEEP creates, receives, maintains, or transmits ePHI for your organization, we sign a BAA during onboarding.

Where is my data stored?

United States only, on FedRAMP Moderate authorized cloud infrastructure, administered by US citizens. FedRAMP Moderate is the security baseline US federal agencies require for sensitive cloud workloads. Tenant-scoped encryption keys and tenant isolation keep other tenants and IRONKEEP staff from reading tenant content.

Does HIPAA require every medical record to be kept for six years?

No. HHS says the HIPAA Privacy Rule does not set a medical-record retention period. State law and organization policy usually drive medical-record schedules, while HIPAA does require certain required documentation to be retained for six years.

What about retention, legal hold, and eDiscovery?

IRONKEEP supports configurable retention, matter-based legal holds, deletion blocks for held records, audit trails, and scoped exports for compliance or legal review.

Can IRONKEEP staff read my email?

No. Zero operator access to tenant content is enforced by explicit deny rules on decrypt operations. IRONKEEP staff cannot read decrypted tenant content, run tenant decrypt operations, create product users, or generate tenant search tokens.