Frequently Asked Questions

HIPAA and HITECH Compliance for Gmail with Virtru

Virtru offers a secure, cost-effective, and easy-to-use way for organizations using Google Apps to share sensitive information. By integrating directly into the Google environment, Virtru reduces complexity and simplifies HIPAA compliance.

How does Virtru facilitate compliance with HIPAA?

HIPAA-covered entities and business associates can provide satisfactory assurance that only authorized individuals have access to protected health information.

Security Rule: Virtru technology allows for compliance with the technical requirements outlined in the Security Rule by providing automatic encryption and access controls to ensure protection of PHI as it is transmitted electronically.

Privacy Rule: Virtru’s ability to detect the presence of PHI and Medical Code Sets is key to compliance with the Privacy Rule. This capability, correlating the detection of these two different data sources, ensures that users can accurately identify potential privacy breaches and apply appropriate protection actions.

Which features of Virtru support HIPAA Privacy and Security rules?

Virtru meets the technical standards defined by HIPAA and HITECH as they relate to the encryption of sensitive information in transit and at rest.

Customers can manage access to information inside and outside of the organization using administrative controls:

At the core of Virtru-enabled applications is the Trusted Data Format (TDF), which allows fine-grained access control for all file types and attachments, such as emails, Office files, PDFs, photos, and videos. TDF, invented by Virtru co-founder Will Ackerly, wraps and protects content and communicates with Virtru-enabled key stores, which maintain access privileges. When you send a Virtru-protected message, your content is encrypted and secured inside a TDF wrapper. When your recipient attempts to open it, the wrapper communicates with the Virtru server to verify that the recipient is eligible to see the information.

On-device encryption: Virtru employs true client-side encryption. Sensitive information is protected immediately on the device where it is created, before it is distributed.

Identity Management: Virtru users use their existing email address to send and receive secure emails. Virtru’s patented identity management technology uses OpenID and OAuth, open protocols widely adopted throughout the industry, to verify your identity with your existing email provider (Gmail, Yahoo, Microsoft), without the need for new accounts or new passwords.

Can Virtru sign Business Associate Agreements with healthcare customers?

Yes, Virtru has the ability to enter into BAAs with Enterprise customers. Please contact for more information.

For further information regarding Virtru’s compliance with HIPAA standards, contact us at