Virtru helps you comply with HIPAA Security standards by providing client-side encryption of sensitive information and restricting access to only the authorized recipient(s) you specify. With any paid Virtru plan, organizations can send Protected Health Information (PHI) compliant encrypted emails, revoke sent messages, and restrict forwarding. Confidential information sent to colleagues and patients remains private, audit-ready, and protected.
The rest of this article provides more details about how Virtru helps you comply with HIPAA Security standards. If you’d like to learn more about HIPAA compliant email, please download our free guide today.
Business Associate Agreements (BAAs)
Each version of Virtru meets or exceeds all relevant HIPAA standards, but the law requires companies that use products to secure PHI to sign a BAA. Virtru offers BAAs with most of its current paid packages. If you require a BAA and would like to learn more about this option, please contact the Virtru Sales Team.
Personal Privacy Users
BAAs are not available to unpaid users on Personal Privacy accounts. If you require a BAA, please contact the Virtru Sales Team to purchase a paid plan that includes a BAA.
Signing a BAA with Virtru
If you are an eligible paying customer, Virtru can enter into a BAA with you. Please contact our Support Team to receive the necessary documentation. Please note that once you submit a completed BAA, it can take up to 1-2 weeks for Virtru to process and return the countersigned document.
BAAs with Google
Google’s BAA covers sensitive content shared within your domain or the broader Google ecosystem, but it does not enable HIPAA compliance for emails and files shared with non-Google customers (e.g., someone who uses Outlook). You need additional security like Virtru to help ensure your content is HIPAA compliant no matter where it travels.
Virtru meets the technical standards defined by HIPAA and HITECH, as they relate to the encryption of sensitive information in transit and at rest.
At the core of Virtru-enabled applications is the Trusted Data Format (TDF), which allows fine-grained access control for all file types and attachments, such as emails, Office files, PDFs, photos, and videos.
Customers can manage access to information inside and outside of the organization using administrative controls:
- Strong data encryption technology for files and messages in transit and at rest
- Explicitly authorize users to access protected information
- Configure data confidentiality around specific content and content types
- Set limits on forwarding of messages inside and outside of the organization
- Revoke protected messages
- Monitor and track protected information
- Quickly search and manage encrypted emails
Organizations can still meet HIPAA compliance with Encrypted Search enabled.
On-Device Encryption & Identity Management
On-device encryption: For plugin users, Virtru employs true client-side email encryption. Sensitive information is protected immediately on the device where it is created, before it is distributed.
Identity Management: Virtru users use their existing email address to send and receive secure emails. Virtru’s patented identity management technology uses OpenID and OAuth, open protocols widely adopted throughout the industry, to verify your identity with your existing email provider (Gmail, Microsoft), without the need for new accounts or new passwords.