Case Study

Omada Health Relies on Virtru to Easily Share Protected Health Information and Other Sensitive Data while Complying with HIPAA

Omada Health is a digital behavioral health company that inspires and enables people to change the habits that put them most at risk for chronic conditions like heart disease and type 2 diabetes. The company is the largest CDC-recognized provider of the National Diabetes Prevention Program, with more than 120,000 participants.

We spoke with Bill Dougherty, Vice President of IT and Security at Omada Health. Bill is responsible for all of information technology and security at Omada.

How is Virtru helping your company?

“Virtru simplified our workflow around protecting and sharing sensitive information. Virtru’s end-to-end protection and ease-of-use empowers us to share sensitive information without worrying about whether the data is secure. Previously, we would have to block it. No sensitive information could go out via email. It just wasn’t secure enough to use.

“We are regulated under HIPAA so we have to make sure we are securing Protected Health Information (PHI) at all times. Virtru allows us to do just that, without interfering with how our employees, customers, and partners work. For example, most of our customers want some level of reporting, and some prefer email delivery. The reports contain protected information. With Virtru it’s as easy as clicking a button. Virtru gives us the confidence that the data is secure no matter who we share it with.”

How were you sharing sensitive information before Virtru?

“We were using another product, but it didn’t encrypt email and attachments from user to user. That was a really big hole for us. Also, it wasn’t nearly as user friendly or configurable as Virtru.

“So, before Virtru, we wouldn’t allow anyone to share Protected Health Information (PHI) via email. We had to put it on a secure file server and generate a link to it. We then emailed the recipient the link and then they’d have to go get the information. It wasn’t an efficient system at all, and not nearly as efficient as clicking one button in your email. That’s all it takes with Virtru.”

How are you using Virtru today?

“We use Virtru Data Protection to protect sensitive information as it is leaving the company or traversing around the company in email. All of our employees who handle sensitive information, including (PHI), use Virtru.

“Virtru scans emails upon send and matches against specific rules to protect health information. Any time it sees potentially sensitive data, it alerts the user that it should be encrypted. There are two easy ways to encrypt email and attachments with Virtru. One is for users to turn it on themselves by clicking a toggle button that appears when you they create an email. The other way is to let Virtru scan the emails and attachments and then apply protections automatically.”

“For those that receive the emails, it shows up in their inbox and all they have to do is click on the message. Virtru authenticates the user using their existing identity and opens the email in their browser. There’s no software to download, no separate portals or log-ins.”

Bill Dougherty, Vice President of IT and Security, Omada Health

What capabilities really stand out?

“There are three capabilities that really matter to us and set Virtru apart from its competition.

“The first is client-side side encryption. This is a very big advantage that Virtru has over the other solutions. With other systems, encryption occurs after the message hits your email server. So, for a period of time, the content of that message and its attachments are exposed and vulnerable, and the draft and back-ups aren’t protected either.

“With Virtru enabled, emails and attachments are protected the second you begin creating the message. There’s never a situation where your data is exposed. Even draft emails and backups are protected. Not even your email provider or cloudcompany can see the contents. “The second capability that really stands out for us is how easy Virtru is to use—for our employees, as well as our customers and partners. When you’re composing an email message, there’s a toggle button.

When you toggle it to ‘on,’ everything is encrypted and secure – that’s all it takes. And, if you don’t want to rely on your users to toggle a bottom, Virtru can quickly scan emails and attachments and alert the users that sensitive data about to be shared. Virtru can also automatically protect the emails and attachments for you.”

“For those that receive the emails, it shows up in their inbox and all they have to do is click on the message. Virtru authenticates the user using their existing identity and opens the email in their browser. There’s no software to download, no separate portals or log-ins.”

“The third feature that we care most about is the ability for our users to have control of the message and attachments, even after it’s been sent. Our users and administrators can revoke a message and it will no longer allow the user on the other end to have access to the email or attachments. That’s very powerful and extremely important to us.”