Virtru helps organizations adhere to HIPAA compliance by providing client-side encryption of sensitive information and restricting access to only authorized recipients. With a paid Virtru plan, organizations can send Protected Health Information (PHI) in compliant encrypted emails, revoke sent messages, and restrict forwarding. Confidential information sent to colleagues and patients remains private, audit-ready, and protected.
The rest of this article provides more details about how Virtru can help in your HIPAA Security compliance strategy. If you’d like to learn more about HIPAA compliant email, please download our free guide today.
Business Associate Agreements (BAAs)
Business Associate Agreements (BAAs)
Each version of Virtru meets or exceeds all relevant HIPAA technological standards, but law requires companies using products to secure PHI sign a BAA with providers. Virtru offers a signed BAA with most of its paid packages. If you require a BAA and would like to learn more about this option, please contact the Virtru Sales Team.
Personal Privacy Users
BAAs are not available to unpaid users on Personal Privacy accounts. If you require a BAA, please contact the Virtru Sales Team to purchase a paid plan that includes a BAA.
Signing a BAA with Virtru
If you are an eligible paying customer, Virtru has the ability to enter into a BAA with your company. Please contact our Support Team to receive the necessary documentation. Please note that once you submit a completed BAA it can take up to 1-2 weeks for Virtru to process and return the countersigned document.
BAAs with Google
Google’s BAA covers sensitive content shared within your domain or the broader Google ecosystem. However, once it leaves that ecosystem, you are no longer in control of that content. Virtru's additional privacy controls help limit risk by strengthing control over your HIPAA content no matter where it travels.
Virtru meets the technical standards defined by HIPAA and HITECH, as they relate to the encryption of sensitive information in transit and at rest.
At the core of Virtru-enabled applications is the Trusted Data Format (TDF), which allows fine-grained access control for files and attachments, such as emails, Office files, pdfs, photos, and videos.
Customers can manage access to information inside and outside of the organization using administrative controls:
- Strong data encryption technology for files and messages in transit and at rest
- Explicitly authorize users to access protected information
- Configure data protection around specific content and content types
- Set limits on forwarding of messages inside and outside of the organization
- Revoke protected messages
- Monitor and track protected information
- Quickly search and manage encrypted emails
Organizations can still meet HIPAA compliance with Encrypted Search enabled.
On-Device Encryption & Identity Management
On-device encryption: For plugin users, Virtru employs true client-side email encryption. Sensitive information is protected immediately on the device where it is created, before it is distributed.
Identity Management: Virtru users use their existing email address to send and receive secure emails. Virtru’s patented identity management technology uses OpenID and OAuth, open protocols widely adopted throughout the industry, to verify your identity with your existing email provider (Gmail, Microsoft), without the need for new accounts or new passwords.
The 5 Biggest Challenges Facing Healthcare Data Security Today
HIPAA Email Compliance – Why it’s Crucial for Enterprise IT
HIPAA Compliant Gmail – What You Need to Know
How Encryption Could Have Prevented 3 HIPAA Violations