To get started with HIPAA Rule Pack for Google and for a quick demonstration of how to customize the pre-configured rules, please watch this quick demo.
Virtru’s encryption complies with FIPS 140-2, but not always by default. Customers should make sure to request Virtru with FIPS mode enabled to ensure FIPS 140-2 compliance across all Virtru platforms.
We use 3rd party AES-256 encryption libraries that have been certified by or for companies such as Google, Apple and Microsoft (more details below). As such, Virtru has not been required to go through a validation directly.
The Certificates for the certified Cryptographic Libraries are all listed here. The certificate numbers in question depend on platform and are listed below:
– # 1329 – Outlook for Desktop – Windows 7
– # 2357 – Outlook for Desktop – Windows 8
– # 2021 – iOS
– # 1747 – Android, Chrome*
*Upon request, we can enable FIPS mode in Virtru’s Chrome extension, but that platform does not use a FIPS module by default today.
Virtru provides client-side encryption within a package that works with the email provider you’re already using, and without a complicated portal. There’s no complicated setup procedure, and there’s no need to spend weeks training your staff (or worse, your patients). When you receive an email from Virtru, you simply sign up for a quick account and then proceed to read your email.
Virtru has the added bonus of allowing your administrators, teachers, parents, and students to access their encrypted email in their own inboxes, giving them control of their secure information. Not only do they not have to worry about remembering portal credentials, but they also don’t have to worry about logging in through multiple gateways just to access past records.
Confidential information sent to colleagues, other institutions, and parents remains private, audit-ready, and protected. Once a student turns 18, Virtru can be used to rescind permission to previously sent emails, enabling students to have full control over who sees their records.
Virtru meets the technical standards defined by HIPAA and HITECH, as they relate to the encryption of sensitive information in transit and at rest.
Customers can manage access to information inside and outside of the organization using administrative controls:
- Strong data encryption technology for files and messages in transit and at rest
- Explicitly authorize users to access protected information
- Configure data confidentiality around specific content and content types
- Set limits on forwarding of messages inside and outside of the organization
- Revoke protected messages
- Monitor and track protected information
At the core of Virtru-enabled applications is the Trusted Data Format (TDF), which allows fine-grained access control for all file types and attachments, such as emails, Office files, pdfs, photos, and videos. The TDF format, invented by Virtru co-founder Will Ackerly, wraps and protects content and communicates with Virtru-enabled key stores which maintain access privileges. When you send a Virtru-protected message, your content is encrypted and secured inside a TDF wrapper. When your receiver attempts to open it, the wrapper communicates with the Virtru server to verify that the receiver is eligible to see the information.
On-device encryption: Virtru employs true client-side email encryption. Sensitive information is protected immediately on the device where it is created, before it is distributed.
Identity Management: Virtru users use their existing email address to send and receive secure emails. Virtru’s patented identity management technology uses OpenID and OAuth, open protocols widely adopted throughout the industry, to verify your identity with your existing email provider (Gmail, Microsoft), without the need for new accounts or new passwords.
To learn more about HIPAA compliant email, please download our free guide today.