Yes, Virtru’s data protection services meet HIPAA compliance requirements with encryption and access restriction. Virtru will sign a Business Associate Agreement (BAA).
Additionally, Virtru provides administrative controls for managing emails, photos, videos, PDFs, and Office files. You can manage authorization to allow or disallow users to access specific content and types of content. Tracking and monitoring features provide real-time protection for patient information.
Other HIPAA-compliant security features include forwarding restrictions and the ability to revoke messages after they are sent. When sharing information between patients and colleagues, the content is always protected, private, and audit-ready.Virtru offers client-side email encryption if you’re using the plugin with on-device encryption. When creating information on the device, the protection occurs immediately (before distribution). Advanced controls allow end-to-end encryption, so patient information is always safe.
Virtru can integrate end-to-end encryption in Gmail. Google will sign a BAA and ensure protection for content within your email account. But privacy control isn’t available when the data leaves the Gmail ecosystem. Virtru offers an extra layer of security to strengthen privacy controls after email leaves your inbox. When using Virtru and Gmail together, you must have a signed Business Associate Agreement (BAA) from both providers.
All Virtru services meet or exceed technology standards required for HIPAA compliance. Virtru is willing to sign a (BAA) for customers on most of its paid plans. BAAs aren’t available if you are an unpaid user with a Personal Privacy account. If you need a signed BAA, purchase a paid plan and contact the support team to receive this HIPAA-compliant documentation. It usually takes one to two weeks to receive the countersigned document. You should not enter patient health information in the system until this document is signed.