Covered entities coordinating outside the EHR.
A clinic, provider group, or health plan needs secure email, files, docs, and chat for work that may contain ePHI.
Fig. 01 · HIPAA Workspace
IRONKEEP gives healthcare teams and business associates one protected place to work, control access, retain records, and prepare evidence.
Healthcare access
Discuss ePHI workflows, BAA needs, retention requirements, and deployment fit.
Product 01
Email, calendar, and contacts for healthcare teams.
Secure healthcare email
Send and receive protected email for ePHI, internal operations, vendor coordination, and patient-adjacent workflows.
Threat checks before delivery
Messages, links, and attachments are screened before they reach an inbox.
Bring your domain
Move over with guided domain setup, mailbox import, and familiar email workflows.
Calendar and contacts
Schedule meetings, manage contacts, and keep healthcare collaboration inside the same protected boundary.
HIPAA handling labels
ePHI, internal, vendor, and administrative markings stay visible to users and compliance teams.
Team mailbox controls
Route, filter, and manage shared mail without sending regulated work outside IRONKEEP.
Product 02
Files, docs, sharing, and version history.
Protected files and docs
Store policies, intake documents, spreadsheets, exports, and operational files that may contain ePHI inside the IRONKEEP boundary.
Easy to organize
Use folders, labels, previews, and search to keep healthcare work easy to find.
Controlled sharing
Share files with the right people using clear view, comment, and edit access.
Version history
Restore earlier versions when a file changes or gets overwritten.
Upload scanning
Scan uploads for malware before risky files enter shared work.
Product 03
Documents and spreadsheets with real-time collaboration.
Real-time co-editing
Work on policies, procedures, reports, and internal documents together in real time.
Document editor
Create and edit rich text documents without leaving the IRONKEEP suite.
Spreadsheet editor
Build and edit spreadsheets with formulas, tables, and shared data.
Presentation editor
Create and present slides, with import and export for standard formats.
Version history
See earlier versions of any document and restore them when needed.
Comments and suggestions
Leave inline comments, suggest edits, and resolve feedback without switching tools.
Product 04
Team chat that stays inside the HIPAA workspace.
Channels and DMs
Keep operational conversations, private channels, and direct messages in scope.
Threads and mentions
Discuss decisions clearly with threads, mentions, edits, and unread state.
Secure attachments
Share files in chat without sending work outside the suite.
Searchable conversations
Find the channels, threads, and messages you are allowed to see.
Notifications that fit work
Use mentions, unread state, and digests to keep conversations moving.
Inside one suite
No separate chat vendor, identity setup, or compliance evidence workflow to manage.
Status · June 2026
Fig. 02 · Security stack
Your mail, files, docs, chat, calendar, and contacts stay protected at every layer.
Data at rest
Your organization's data is encrypted with keys scoped to your account.
Sensitive fields
Subjects, addresses, names, and events are encrypted before storage.
Device cache
Local browser state stays protected behind a user PIN.
Each organization stays separate across access, storage, encryption, and identity.
Access
Every request is limited to the caller's organization.
Storage
Files and stored content stay tied to your organization.
Keys
One organization's keys cannot unlock another organization's data.
Identity
Organization access comes from IRONKEEP identity or your trusted identity provider.
Zero operator access to tenant content.
IRONKEEP staff can manage organization records, tenant metadata, console-only accounts, and infrastructure. They cannot create product users, read decrypted tenant content, run tenant decrypt operations, or generate tenant search tokens.
Implementation path
Scope ePHI workflows.
Decide which teams, mailboxes, folders, docs, and chat channels may contain ePHI.
Import email and files.
Bring your domain, mailboxes, calendars, contacts, and protected work into IRONKEEP.
Set controls and evidence.
Use identity, audit logs, retention settings, legal holds, and exports to support your compliance workflow.
Who it's for
Covered entities coordinating outside the EHR.
A clinic, provider group, or health plan needs secure email, files, docs, and chat for work that may contain ePHI.
Business associates with shared evidence needs.
A billing, analytics, consulting, IT, or operations vendor needs BAA-scoped collaboration without scattering records across consumer tools.
Healthcare teams cleaning up tool sprawl.
Email in one place, files in another, chat somewhere else. IRONKEEP brings the workflow into one governed suite.
See also
FAQ
No. Your organization owns HIPAA compliance, policies, training, risk analysis, record schedules, and legal review. IRONKEEP provides secure collaboration, access control, audit, retention, legal hold, and export tooling to support those workflows.
Yes. If IRONKEEP creates, receives, maintains, or transmits ePHI for your organization, we sign a BAA during onboarding.
United States only, on FedRAMP Moderate authorized cloud infrastructure, administered by US citizens. FedRAMP Moderate is the security baseline US federal agencies require for sensitive cloud workloads. Tenant-scoped encryption keys and tenant isolation keep other tenants and IRONKEEP staff from reading tenant content.
No. HHS says the HIPAA Privacy Rule does not set a medical-record retention period. State law and organization policy usually drive medical-record schedules, while HIPAA does require certain required documentation to be retained for six years.
IRONKEEP supports configurable retention, matter-based legal holds, deletion blocks for held records, audit trails, and scoped exports for compliance or legal review.
No. Zero operator access to tenant content is enforced by explicit deny rules on decrypt operations. IRONKEEP staff cannot read decrypted tenant content, run tenant decrypt operations, create product users, or generate tenant search tokens.
Healthcare access
Request early access to discuss ePHI scope, BAA needs, retention requirements, and deployment fit.
No sales call required.