<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">

Security Architecture That Speaks to Engineers: Why Form Health Chose Virtru for Gmail

Form Health
"From a systems design standpoint, I found Virtru to be the system I could clearly understand. I could look at it and understand how a message moves, how the keys for it move, how the data is stored, and how the data is treated in transit ... It was a familiar secure architecture, clearly built by people who had done this before."

Matt Lanier

InfoSec, Security and Privacy Officer

Form Health is a virtual clinic that provides comprehensive and science-based treatment for obesity and cardiometabolic conditions. Form Health has recently pivoted from serving individuals directly to partnering with large enterprises—employers and insurance companies who recognize the value of helping their employees and members achieve their weight loss and health goals. This strategic shift brought new security challenges that required an innovative solution.

As a healthcare provider handling sensitive patient information, Form Health had security needs that exceeded those of an ordinary business. The company operates under strict HIPAA regulations while simultaneously managing the varied compliance requirements of their enterprise customers across different industries, each with their own regulatory frameworks.

With Virtru, Form Health is able to:

  • Seamlessly integrate strong encryption into their existing Google Workspace environment without requiring additional applications or login credentials, reducing implementation time from weeks to days.
  • Maintain strict HIPAA and SOC compliance, eliminating previous communication bottlenecks.
  • Confidently demonstrate their security measures to enterprise customers during compliance assessments, providing the artifacts needed to prove data protection while supporting business growth.

The Enterprise Communication Dilemma: Multiple Systems, One Need for Security

When Form Health began working with large enterprise customers, they encountered a complex communications challenge. Their team needed to exchange confidential information with multiple enterprise partners, each using different secure email systems. This fragmented approach was becoming increasingly unsustainable.

"We need to exchange a lot of confidential email with our customers," explains Matthew Lanier, who spearheaded the security solution search at Form Health. "Our customers are large employers and insurance companies who have decided that it's in everyone's best interests for them to help their employees or members improve their health through science-based obesity treatment."

The existing process created significant inefficiencies. Only select Form Health employees had access to customer secure email platforms, forcing others to funnel their communications through these individuals. As the business grew, this bottleneck became problematic.

"We decided that was no longer a good use of the company's time or money."

Form Health needed their own secure communication platform—one that would allow them to initiate confidential conversations directly while maintaining the highest security standards and compliance with multiple regulatory frameworks.

An Engineer’s Search for Simple, Strong Gmail Encryption

Lanier brought significant technical expertise to the search for a secure email solution. His background as an infrastructure engineer meant he could evaluate potential solutions at a deep level, looking beyond marketing claims to understand the underlying architecture.

"I did dive deeply into how these systems worked," Lanier explains. "From a systems design standpoint, I found Virtru to be the system I could clearly understand. I could look at it and understand how a message moves, how the keys for it move, how the data is stored, and how the data is treated in transit."

This level of transparency wasn't universal among the vendors Form Health evaluated. "Not every vendor was willing to share that information," Lanier notes. His technical assessment revealed that Virtru's architecture followed proven security patterns. "It was a familiar secure architecture, clearly built by people who had done this before."

The recommendation of Virtru from respected colleagues also carried weight. "Virtru was suggested to me by both an engineering leader and a leader in the space of benefit-deployed medical care," Lanier shares. While he still conducted due diligence on other options, these endorsements from trusted sources reinforced his own technical assessment.

Why Architectural Excellence Made Virtru the Clear Winner

What ultimately convinced Form Health to choose Virtru was a combination of practical integration advantages and fundamental security architecture.

For a Google Workspace-based company like Form Health, Virtru's integration was seamless. "The reason we chose Virtru was because it had the easiest integration into our already existing Google Workspace-based ecosystem," says Lanier. "From the standpoint of IT provisioning, it's a few switches, and from the standpoint of the user joining, it is the installation of a Google Chrome plug-in."

This integration meant users could remain in their familiar Gmail environment, without juggling separate logins or applications. The solution leveraged existing Google authentication, eliminating a common security vulnerability: password fatigue leading to credential sharing.

But Lanier's decision went far beyond convenience. His examination of Virtru's security architecture revealed a system designed with true data privacy at its core.

"What I liked about the Virtru system was its architectural resistance to exfiltration," Lanier explains. " I saw that Virtru's security posture was already not just secure, it was private."

This distinction between security and privacy is crucial for healthcare providers handling sensitive medical information. Virtru's architecture ensures that even in the unlikely event of a breach, patient data remains protected because of how the encryption keys are managed.

A Surprisingly Smooth Implementation

One of the most remarkable aspects of Form Health's experience with Virtru was the ease of implementation—particularly unexpected given the typical complexity of security software deployments.

"I was expecting it to be hard because every other system like this I've worked with has been a pain," Lanier admits. "This one was not a pain."

The entire deployment was completed in days rather than weeks, starting with backend account provisioning that took just a day or two. The Form Health IT team was quickly trained on user management, and the initial deployment targeted key users to verify that the experience matched expectations.

The solution then rolled out to the finance, data, and customer care teams, with additional licenses added individually as needed. The Chrome browser plugin model was crucial to this efficiency. "The fact that this was not a separate application made implementation very fast," Lanier explains. "If this had been a separate application or website that people would need to log into, for which we would then have to manage a whole other set of credentials, that probably would have made this a weeks-long experience rather than days."

This seamless integration with existing workflows meant users could adapt quickly, without the learning curve typically associated with new security tools.

Patient Protection Beyond SOC and HIPAA Requirements

Form Health primarily implemented Virtru to strengthen compliance, but their team also valued genuinely protecting sensitive health information while enabling business growth. The company operates under multiple regulatory frameworks, including HIPAA and SOC, along with the varied requirements of their enterprise customers.

Virtru helps Form Health navigate this complex compliance landscape by providing both security, and the ability to demonstrate that security to auditors and customers.

"Virtru helps with the security and it leaves the artifacts that I need to prove that we're compliant," explains Lanier, highlighting how the solution supports both practical security and regulatory requirements.

This is particularly important as Form Health undergoes regular scrutiny from enterprise customers who need assurance that their employees' data is being handled properly. "On a fairly frequent basis I get questionnaires from customers," Lanier notes. "Most ask if we have a mechanism for securely talking to us about data that is confidential?"

With Virtru, Form Health can confidently answer yes.

Security as a Business Lever

Since implementing Virtru's secure email solution, Form Health has experienced multiple benefits that extend beyond improved security posture:

The solution has enabled Form Health to effectively serve enterprise customers by providing a professional, secure communication channel that meets enterprise expectations. The team can now initiate confidential conversations directly, rather than waiting to communicate through customer platforms.

The operational bottleneck of routing communications through a small number of employees has been eliminated, improving overall efficiency and responsiveness.

IT management overhead has been minimal. "It's easy. It's working. I haven't had to think about it since we signed it," says Lanier, underscoring the solution's reliability.

The company can now easily demonstrate compliance with both healthcare regulations and the varied requirements of their enterprise customers, streamlining the security assessment process that is standard in enterprise partnerships.

Perhaps most importantly, Form Health can maintain the highest levels of data privacy for their patients while growing their business—without the security compromises that sometimes accompany rapid business transformation.

Building the Foundation for an Enterprise Future

The Virtru implementation at Form Health has demonstrated how the right security solution can enable rather than hinder innovation in healthcare. By implementing the Virtru secure email platform, the company has positioned itself to grow its enterprise business while maintaining the strict data protection standards that patients and healthcare partners expect.

For other healthcare technology companies operating in the Google Workspace environment, Lanier offers this perspective: "If you are a Google Workspace-based system, this is a simple, easy, and effective system to parachute in and give selective members of your population access to secure email that could grow into more wide use of secure email as needed."

By choosing Virtru, Form Health has found more than just a technology solution—they've found a security partner that understands the unique challenges of healthcare innovation and enables them to focus on their mission of helping patients manage their weight effectively through their enterprise partnerships.