By itself, email encryption can help to prevent HIPAA violations caused by hackers, but not those caused by user error. Even a trained user can accidentally type in the wrong address or attach the wrong file, forward an email chain without noticing there’s PHI in it, or simply forget to encrypt the message.
Virtru HIPAA compliant email encryption has powerful tools to mitigate or even prevent breaches after a user has sent the wrong email, but ideally, your users should never get to that point. That’s why we’ve provided Virtru Data Loss Prevention (DLP) for Outlook and Gmail, with a powerful set of customizable HIPAA email rules that you can configure to warn users and stop them from making HIPAA email compliance mistakes before an email is sent.
Virtru DLP Enforces HIPAA Email Rules While Training your Organization
Virtru DLP is designed to meet the compliance and security needs of healthcare providers and other organizations dealing with sensitive data. Using customizable rules, it scans the body, title and address or domain of an email. If it detects content that presents a risk, it will automatically avert it with a predetermined action, such as:
- Warning the user
- Encrypting the email
- Stripping attachments
- Sending a copy to a supervisor
- Adding text to the end of the message
Virtru’s HIPAA Compliance Rule Pack is an additional offering that already comes preconfigured to detect SSNs, phone numbers, DEA codes and other HIPAA PHI. When the user hits “send,” it enforces HIPAA email rules to avert breaches.
With a few clicks, Virtru DLP can be configured to stop workers from emailing PHI without encrypting, or strip attachments from emails sent outside your organization. It can also enforce complex, organization-specific rules — for example, restricting which workers can send or receive PHI to satisfy the minimum necessary standard, whitelisting patients, or BCC’ing messages with PHI to an administrator to verify HIPAA email compliance. It can even require multiple pieces of information to trigger a rule, such as the word “patient” and a birthdate.
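The kind of pre-send rule evaluation described above, as an added generic sketch that is not Virtru's code or rule format: the patterns, the action names, the `Email` fields and the domain `clinic.example` are assumptions made for illustration. It covers a compound rule (the word "patient" plus a birthdate), an SSN rule, and attachment stripping for recipients outside the organization.

```python
import re
from dataclasses import dataclass, field

INTERNAL_DOMAIN = "clinic.example"  # assumption: the organization's own mail domain

# Illustrative patterns only; production detectors need validation and context checks.
SSN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
DOB = re.compile(r"\b(0?[1-9]|1[0-2])/(0?[1-9]|[12]\d|3[01])/(19|20)\d{2}\b")
PATIENT = re.compile(r"\bpatient\b", re.IGNORECASE)


@dataclass
class Email:
    subject: str
    body: str
    recipients: list
    attachments: list = field(default_factory=list)
    encrypted: bool = False


def is_external(addr):
    """True when the address is outside the organization's domain."""
    return addr.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN


def evaluate(msg):
    """Return the ordered list of actions a pre-send check would take."""
    text = f"{msg.subject}\n{msg.body}"  # scan subject and body together
    actions = []
    has_ssn = bool(SSN.search(text))
    # Compound rule: a date alone is not PHI; require "patient" as well.
    has_patient_dob = bool(PATIENT.search(text) and DOB.search(text))
    if (has_ssn or has_patient_dob) and not msg.encrypted:
        actions += ["warn_user", "encrypt"]
    if msg.attachments and any(is_external(r) for r in msg.recipients):
        actions.append("strip_attachments")
    return actions


# Constructed sample message, not real data.
SAMPLE = Email("Follow-up", "Patient Jane Roe, DOB 04/12/1987, needs a referral.",
               ["dr.lee@clinic.example"])
```

Requiring both conditions in the compound rule keeps ordinary scheduling emails that mention a date from triggering the warning.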
Virtru Pro and HIPAA Email Rules Provide Multi-Layer Protection Against Breaches
Virtru DLP is integrated with Virtru Pro, allowing organizations to combine user-level controls with organizational HIPAA email rules. Virtru Pro comes with 1-click email and attachment encryption, and functions to revoke messages, disable email forwarding, and set time limits on messages. It also provides read receipts, allowing users to see who has read an email.
This lets end users minimize the potential exposure of PHI. For example, an office manager could send patient schedules to various hospital departments, disabling forwarding and setting the message to expire the next day. This would allow the right staff to see the relevant information, while preventing accidental forwarding or future exposure. The hospital’s admin could use DLP HIPAA email rules to ensure the manager’s messages are encrypted, and to prevent the manager from accidentally sending them to the wrong address.
If the manager did manage to make a mistake not covered by DLP, they could immediately revoke the secure email, then check the Virtru read receipt. If they caught it before the recipient read it, the organization would be exempted from HIPAA breach notification. Even if the email were sent to multiple people who opened it, the manager could revoke the email (preventing future access) and use the read receipt to pinpoint exactly who had received it, allowing them to mitigate the breach.
By combining strong encryption, access control, detection and DLP tools into a user-friendly package, Virtru makes HIPAA email compliance easier and safer. We’ll help to stop hackers with powerful encryption and prevent user errors from causing data breaches, all without the hassle and inconvenience of healthcare portals.