Case Study

Omada Health Relies on Virtru to Easily Share Protected Health Information

Omada Health is a digital behavioral health company that inspires and enables people to change the habits that put them most at risk for chronic conditions like heart disease and type 2 diabetes. The company is the largest CDC-recognized provider of the National Diabetes Prevention Program, with more than 120,000 participants.

We spoke with Bill Dougherty, Vice President of IT and Security at Omada Health. Bill is responsible for all of information technology and security at Omada.

How is Virtru helping your company?

“Virtru simplified our workflow around protecting and sharing sensitive information. Virtru’s end-to-end protection and ease-of-use empowers us to share sensitive information without worrying about whether the data is secure. Previously, we would have to block it. No sensitive information could go out via email. It just wasn’t secure enough to use.

“We are regulated under HIPAA so we have to make sure we are securing Protected Health Information (PHI) at all times. Virtru allows us to do just that, without interfering with how our employees, customers, and partners work. For example, most of our customers want some level of reporting, and some prefer email delivery. The reports contain protected information. With Virtru it’s as easy as clicking a button. Virtru gives us the confidence that the data is secure no matter who we share it with.”

How were you sharing sensitive information before Virtru?

“We were using another product, but it didn’t encrypt email and attachments from user to user. That was a really big hole for us. Also, it wasn’t nearly as user friendly or configurable as Virtru.

“So, before Virtru, we wouldn’t allow anyone to share Protected Health Information (PHI) via email. We had to put it on a secure file server and generate a link to it. We then emailed the recipient the link and then they’d have to go get the information. It wasn’t an efficient system at all, and not nearly as efficient as clicking one button in your email. That’s all it takes with Virtru.”

How are you using Virtru today?

“We use Virtru Data Protection to protect sensitive information as it is leaving the company or traversing around the company in email. All of our employees who handle sensitive information, including (PHI), use Virtru.

“Virtru scans emails upon send and matches against specific rules to protect health information. Any time it sees potentially sensitive data, it alerts the user that it should be encrypted. There are two easy ways to encrypt email and attachments with Virtru. One is for users to turn it on themselves by clicking a toggle button that appears when you they create an email. The other way is to let Virtru scan the emails and attachments and then apply protections automatically.”

“For those that receive the emails, it shows up in their inbox and all they have to do is click on the message. Virtru authenticates the user using their existing identity and opens the email in their browser. There’s no software to download, no separate portals or log-ins.”

Bill Dougherty, Vice President of IT and Security, Omada Health