Is VeraCrypt HIPAA compliant?

Feb 24, 2021

No, VeraCrypt isn’t HIPAA compliant. This encryption tool shouldn’t be used for protected health information (PHI).

Data encryption is an essential part of HIPAA compliance, and covered entities must ensure that information is fully encrypted both in transit and when stored. While VeraCrypt provides basic security features, its encryption tool isn’t sufficient for protected health information (PHI).

VeraCrypt’s encryption isn’t fully compatible with all types of computers, such as certain types of PCs. Additionally, it’s designed to be used on single devices. For HIPAA compliance, it’s best to have a centralized encryption system with administrative features that include remote access and remote encryption capabilities.

Because information about VeraCrypt’s HIPAA-compliance effort is limited, and VeraCrypt won’t sign a business associate agreement (BAA), covered entities should choose a commercial encryption service instead.

Reference link for VeraCrypt:

https://sourceforge.net/p/veracrypt/discussion/general/thread/c1599eb1/

Product details

Company Logo

Business Associate Agreement

HIPAA Compliant

Website

https://www.veracrypt.fr/en/Home.html

Product description

VeraCrypt is a free encryption tool that uses open-source software for Mac OSX, Windows, and Linux. Users can create a virtual encrypted disk or encrypt part or all of a storage device, such as a hard drive or USB drive.

Disclaimer:

Readers should perform their own research before making the final decision. The information on the JotForm HIPAA Compliance Checker does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.

If you see any incorrect, incomplete or inaccurate information, please request correction by filling the form below.

Request Correction