VeraCrypt may not be HIPAA compliant. If it isn't, this encryption tool shouldn’t be used for protected health information (PHI).
Data encryption is an essential part of HIPAA compliance, and covered entities must ensure that information is fully encrypted both in transit and when stored. While VeraCrypt provides basic security features, its encryption tool may not be sufficient for protected health information (PHI).
VeraCrypt’s encryption hasn't been fully compatible with all types of computers, such as certain types of PCs. Additionally, it’s designed to be used on single devices. For HIPAA compliance, it’s best to have a centralized encryption system with administrative features that include remote access and remote encryption capabilities.
Information about VeraCrypt’s HIPAA-compliance effort is limited, so covered entities may want to consider choosing a commercial encryption service instead.
VeraCrypt is a free encryption tool that uses open-source software for Mac OSX, Windows, and Linux. Users can create a virtual encrypted disk or encrypt part or all of a storage device, such as a hard drive or USB drive.
Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.