Helping the internet follow HIPAA
What is Hippo?
Hippo helps you send truly private emails with gmail. The Hippo package comes in two parts, the self-hosted Hippo Web Service and Hippo Chrome Extension.
Hippo Web Service: A rails application that converts text into images (using wkhtmltoimage). It is also an API endpoint for the chrome extension.
Hippo Chrome Extension: A browser plugin which integrates Hippo into gmail. It adds buttons to gmail which communicate with the Hippo Web Service.
How does it work?
When you send an email using Hippo, the Hippo Chrome Extension extracts the body of the email and sends it to the Hippo Web Service. The web service converts the text into an image, saves the image to a local file server, and returns HTML used to display the file. The Hippo Chrome Extension replaces the old body of the email with HTML to display the image.
How does Hippo make Gmail more HIPAA compliant?
Emails sent with Hippo have two important differences from typical emails:
1. Google is no longer storing the email’s sensitive content. The email that Google stores will only contain a few lines of HTML to display an image.
2. Only authorized users can see Hippo hosted images. Since each image is hosted locally on the Hippo Web Service, the sensitive information never leaves your servers, and you can control who can see the image.
How secure is it?
Hippo uses Google OAUTH to grant access to the service. In order to convert or view an image with Hippo, a user must be registered with the Hippo service. Hippo can restrict registration based on email domain (i.e. @omadahealth.com ). In addition, Hippo admins can whitelist any email address to have access to Hippo. An additional layer of basic http authorization is used to protect each image as well in case your email account is breached, the sensitive information sent by Hippo is still safe.
Where do I sign up?
You can check it out at: https://github.com/vivster7/hippo
Enjoy sending truly private emails!