Paubox blog: HIPAA compliant email made easy

Is Virtru's email recall feature worth it?

Written by Kirsten Peremore | February 14, 2024

Virtru's email recall feature allows users to withdraw access to previously sent encrypted emails when sent to the wrong person in an attempt to prevent a HIPAA violation. The question is whether this feature genuinely contributes to an organization's HIPAA compliance.



How the Virtru email recall feature works

Virtru requires several steps before a recipient can read content sent by one of its users. From the recipient's perspective, these steps are:

  1. Receive notification: Recipients will receive an email notification indicating they've received a secure message from a Virtru user.
  2. Open the email: Click to open the email notification.
  3. Access secure reader: The email typically includes a link or button to access the encrypted message through Virtru's Secure Reader. The recipient then clicks this link or button.
  4. Authenticate: If required, recipients authenticate their identity to access the message. This may involve signing in with their email provider or entering a verification code sent to their email.
  5. View the message: Once authenticated, they will be directed to the Virtru Secure Reader, where they can read the message.

If the Virtru user wants to revoke the email, these are the steps they need to follow:

  1. Open the sent email or file: First, users must navigate to the sent folder or the specific location of the file they've shared via Virtru.
  2. Locate the recall option: The recall option should be visible in the respective application interfaces.
  3. Click revoke access: Users click the revoke hand icon (in email clients) or the "Revoke Access from all Guests" option (for Drive files) to initiate the revocation.
  4. Confirm your action: Once prompted, the user confirms that they wish to revoke access.
  5. Notification to recipients: Once access is revoked, a recipient who attempts to view the email or file is shown a notification that access to the content has been removed.
  6. Manage and monitor: The Virtru Control Center is used to monitor the status of your sent encrypted content and manage further access.

Email recall and its gaps in HIPAA compliance

Breach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information.

The above extract comes from 45 CFR § 164.402 of HIPAA. Under this definition, when an email containing protected health information (PHI) is mistakenly sent to an incorrect recipient, a HIPAA violation is triggered at the moment of unauthorized disclosure.

In the case of a regular email interaction, a violation occurs as soon as the email is sent because the access control the organization had is lost. Virtru's email recall feature might appear to allow its users to retain this control and, therefore, prevent a violation. Avoiding a HIPAA violation is, however, not that straightforward. 

Let's take a look at instances where a HIPAA violation can still occur despite using the email recall feature: 

  1. A healthcare worker mistakenly sends an email containing PHI to the wrong recipient and fails to recall the email before it is read. One in five people read their emails immediately upon receipt.
  2. The Virtru email recall feature experiences a lag, delaying the recall process and allowing the unintended recipient time to access sensitive information.
  3. Due to compatibility issues with the recipient's email system, the recall attempt is unsuccessful, and the PHI remains accessible.
  4. A healthcare employee relies on the recall feature to correct an email sent in error but does not follow up to ensure the recall was successful, leading to unauthorized access to PHI.
  5. The complexity of the Virtru recall process results in incorrect use by the sender, failing to effectively retract an email containing PHI.
  6. Despite activating the recall feature, the sensitive information had already been downloaded or forwarded by the recipient, resulting in a breach of PHI.

Determining whether a breach has occurred despite the recall requires considering several factors:

  1. Effectiveness of the recall: The recall must effectively prevent unauthorized access to the PHI contained in the email. This means the unintended recipient should not be able to view or otherwise access the PHI after the recall is initiated.
  2. Timeliness of the recall: A prompt recall before the unintended recipient accesses the PHI is more likely to prevent a breach. A delay reduces the window of opportunity to prevent the unintended recipient from accessing sensitive information.
  3. Verification of recall success: Users must verify that the recall actually worked. Virtru lets users oversee revocation through the Virtru Control Center, which shows whether the misdirected email has been viewed. The organization nevertheless remains responsible for investigating the incident independently and affirmatively establishing whether the content was viewed.

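To make the three factors concrete, here is an added example (not Paubox's or Virtru's code) that walks a constructed event timeline for a misdirected message and decides whether the recall prevented a disclosure. The event kinds, the timestamps and the six sample timelines, which mirror the scenarios listed earlier in this section, are all constructed for illustration; the `needs_investigation` flag encodes the third factor, that sender-side logs alone never settle the question.

```python
"""Decide whether a recall prevented disclosure of a misdirected email.

Added example, not Paubox's or Virtru's code. Event kinds, timestamps and
the sample timelines below are constructed to mirror the scenarios above.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Recipient actions that amount to acquiring the PHI under the breach
# definition quoted above. Any of them before revocation is a disclosure.
ACQUISITION = {"viewed", "downloaded", "forwarded"}


@dataclass(frozen=True)
class Event:
    t: float   # seconds after the message was sent (constructed clock)
    kind: str  # sent | viewed | downloaded | forwarded |
               # revoke_requested | revoke_applied | revoke_failed


@dataclass(frozen=True)
class Outcome:
    disclosed: bool
    reason: str
    # True when sender-side logs alone cannot settle the question; the
    # organization still has to investigate before ruling out a breach.
    needs_investigation: bool


def evaluate_recall(events: Iterable[Event]) -> Outcome:
    timeline = sorted(events, key=lambda e: e.t)
    acquired = [e for e in timeline if e.kind in ACQUISITION]

    # Effectiveness: a failed revocation leaves the PHI reachable.
    if any(e.kind == "revoke_failed" for e in timeline):
        return Outcome(True, "revocation failed; PHI still accessible", False)

    applied = [e for e in timeline if e.kind == "revoke_applied"]
    if not applied:
        if acquired:
            return Outcome(True, f"recipient {acquired[0].kind} PHI; no revocation", False)
        return Outcome(False, "revocation never confirmed; outcome unverified", True)

    # Timeliness: lag between the request and the revocation taking effect
    # counts against the sender, so compare against the applied time.
    revoked_at = applied[0].t
    early = [e for e in acquired if e.t < revoked_at]
    if early:
        e = early[0]
        return Outcome(True, f"recipient {e.kind} PHI at {e.t:.0f}s, "
                             f"before revocation at {revoked_at:.0f}s", False)
    if acquired:  # access recorded after revocation means it did not hold
        return Outcome(True, "access recorded after revocation; revocation ineffective", False)

    # Verification: no recorded access is evidence, not proof; the
    # organization must still ascertain independently that nothing was viewed.
    return Outcome(False, f"revoked at {revoked_at:.0f}s before any recorded access", True)


# Constructed timelines, one per scenario listed above.
SCENARIOS: Dict[str, List[Event]] = {
    "read_before_recall": [Event(0, "sent"), Event(45, "viewed"),
                           Event(300, "revoke_requested"), Event(302, "revoke_applied")],
    "recall_lag": [Event(0, "sent"), Event(60, "revoke_requested"),
                   Event(90, "viewed"), Event(120, "revoke_applied")],
    "recall_failed": [Event(0, "sent"), Event(60, "revoke_requested"),
                      Event(65, "revoke_failed")],
    "never_verified": [Event(0, "sent"), Event(60, "revoke_requested")],
    "downloaded_first": [Event(0, "sent"), Event(30, "downloaded"),
                         Event(60, "revoke_requested"), Event(61, "revoke_applied")],
    "timely_recall": [Event(0, "sent"), Event(20, "revoke_requested"),
                      Event(21, "revoke_applied")],
}


def evaluate_all() -> Dict[str, Outcome]:
    return {name: evaluate_recall(events) for name, events in SCENARIOS.items()}


if __name__ == "__main__":
    for name, outcome in evaluate_all().items():
        flag = "BREACH" if outcome.disclosed else "no recorded disclosure"
        print(f"{name:20s} {flag:24s} {outcome.reason}")
```

Only the last scenario comes out clean, and even there the outcome is "no recorded disclosure" with an investigation still owed, which is the practical meaning of the verification factor: the Control Center view is an input to the incident review, not a substitute for it.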

The customer experience with Virtru

Virtru's installation and activation process presents several challenges that make it cumbersome to adopt. Initially, users must navigate to the downloads page, add the extension to Chrome from the Chrome Web Store, and then proceed through various prompts to complete the installation, a process that requires multiple steps and switching between pages.

To send an email, users need to manually toggle the Virtru bar to activate encryption for each email, a step that, while simple, requires conscious effort and disrupts the flow of composing an email. 

Adding to this, the option to customize security settings, such as disabling forwarding, setting expiration dates, and applying watermarks, although beneficial for security, further complicates the email composition with additional decisions and clicks.

The process of activating and using the software is not the only issue users have faced. With issues ranging from difficulties in training staff on how to use it to lags in the software, the problems in using Virtru go beyond the everyday annoyances we expect to see. 

"Occasionally, Virtru will lag or not work at all," one user wrote. "I was ready to write this off as me having issues with my own bandwidth, but my colleagues working from home would tell me they were having similar issues at the same time. Another issue is people to whom I send encrypted emails who do not have a Virtru account sometimes have difficulty opening emails."

A small business owner highlighted the issues within the user experience: "The extension crashes my email multiple times a day. I have to log out of Gmail and back in often. I have uninstalled the extension and stopped using Virtru as much as I would like to because of the inconvenience."

Yet another user highlights the difficult integration, despite Virtru's claim of compatibility with Microsoft 365: "Virtru is clunky to use. It isn't integrated with Outlook. When using Outlook, one needs to open a separate web page to be able to read the email. I have had clients tell me to send reports unencrypted because they don't want to deal with using Virtru. I am constantly having to sign in with Virtru to be able to read emails."

Still another user opens their review with: "Others are sadly having issues opening." They further explain, "I don't particularly appreciate that others we send emails to are having difficulty opening the messages. It has caused a lot of issues because we are sending essential documents daily and then having to find a way to resend them."

Lastly, this user wrote about their experience training staff on using Virtru: "There has been difficulty onboarding our employees to the features provided by Virtru. Also, at times filters are too aggressive and detect CC numbers in links that don't exist. They also auto-encrypt emails even when the word 'password' is used but no password is included. Initial filters had to be adjusted so workflows were not interrupted."


Why the Virtru email recall feature might not benefit your organization

Beyond the technical issues mentioned in customer reviews, Virtru's email recall feature specifically is not as beneficial as users might hope. The feature does not assure HIPAA compliance if an email is sent to the wrong recipient. The feature may even detract from the preemptive measures to avoid this error. 

Let's explore in more depth the effects this feature may have:


Using the recall feature adds complexity to training

The emphasis on correcting post-send mistakes diverts attention from training on preventive practices, such as secure email handling and verifying recipient information before sending. 

Trainers need to allocate extra time and resources to teach staff the basic functionality of their email systems, the specific steps required to use Virtru as a whole, and how to execute a recall. This increases the learning curve and can overwhelm employees, particularly those who are less technologically savvy.


A software issue could still mean a HIPAA violation

The presence of software lag undermines the potential utility of Virtru's recall feature. Complaints of lags within Virtru's software, in general, reveal the possible effect on timeliness and reliability of recalling emails, making the recall feature less dependable. When users need to access the feature quickly, a lag or crash of the software can be detrimental to the very narrow window available to recall before the email is accessed by the incorrect recipient.


Additional steps

The Virtru email recall feature adds extra steps to the incident response procedure, which include:

  • Identifying a misdirected email
  • Deciding to initiate a recall
  • Executing the recall through Virtru's interface
  • Verifying the recall's success.

These extra steps demand more immediate action and resources from the incident response team, potentially delaying responses to other aspects of the incident. 


Additional monitoring 

Administrators and IT support staff (who may not be consistently available to small and medium practices) must continuously oversee the feature's usage to ensure it functions properly. They need to track successful and failed recall attempts to assess the feature's overall reliability. This increased oversight either requires dedicated resources or carries the risk that lapses in the software's reliability go unnoticed.


Promotes complacency

Reliance on the recall feature can reduce proactive measures and diligence in handling sensitive information. Staff may become less vigilant in their communication practices, increasing the likelihood of errors. The availability of email revocation encourages a mindset in which meticulous verification of recipient information seems less important, on the assumption that any mistake can be rectified after sending.


The Virtru recipient experience 

Patient experience should be an overriding concern when it comes to both patient outcomes and provider business growth. The Virtru email process is unnecessarily difficult for recipients, with multiple steps that detract from the recipient experience. 

Initially, recipients are met with an email notification that, rather than containing the message itself, informs them of a secure message awaiting them, introducing an immediate barrier to direct communication. They are then required to navigate away from their familiar email environment to access the content through Virtru's Secure Reader, disrupting the flow of their email interaction. 

Recipients facing multiple steps to view the content are likely to disengage, especially for non-urgent or promotional communications. This diminishes the effectiveness of these emails by reducing open rates and engagement and discourages future interactions with similar messages.  


Alternatives to email recall 

Gmail's 'Undo Send' feature

Gmail offers an 'Undo Send' feature, allowing users to cancel the sending of an email within a preset time frame (up to 30 seconds after sending). This feature is effective for the immediate realization of a mistake, providing a straightforward way to prevent an email from reaching the unintended recipient before any potential exposure of sensitive information occurs.

Why it's better: The simplicity and immediacy of Gmail's 'Undo Send' feature make it highly effective for quick corrections without the complexity of recalling an email after it's been delivered and potentially opened. It integrates seamlessly into the Gmail user experience, requiring no additional steps or third-party software.


Microsoft Outlook's 'Recall this message' feature

Outlook's 'Recall This Message' feature attempts to delete or replace an email message sent to a recipient within the same Exchange server before it is read. 

Why it's better: For internal communications within organizations that use Exchange Server or Microsoft 365, Outlook's recall feature can effectively prevent unauthorized access to mistakenly sent information, provided the conditions for recall are met (e.g., the message has not been read). It's integrated into the email client, offering a direct approach to managing misdirected emails.


Email approval process

Implementing an email approval process adds a proactive layer of security by requiring that emails be reviewed and approved by a designated email reviewer or compliance officer before dispatch.

Why it's better: Unlike the 'Undo Send' feature in Gmail or the 'Recall This Message' feature in Outlook, an email approval process is inherently preventive. It removes the dependency on the sender's quick action to correct a mistake and instead places control in a systematic review that catches errors before the email leaves the organization.

Coupled with the Paubox Email Suite, this is a far more effective way to mitigate potential violations. While the 'Undo Send' and 'Recall This Message' features are limited by time constraints and specific conditions (e.g., server environment, message unread status), an email approval process applies across platforms and does not suffer from these limitations.
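
As an added example (not Paubox's, Gmail's or Outlook's code), the following models the two preventive controls this section favours: a delayed-send window during which the sender can still cancel, and a hold-for-approval step for messages flagged as containing PHI that are addressed outside the organization. The domain name, the `contains_phi` flag, the message contents and the timings are constructed assumptions; a real deployment would classify PHI and authenticate reviewers in ways this sketch leaves out.

```python
"""Pre-send gate: an undo window plus hold-for-approval, before anything leaves.

Added example, not Paubox's, Gmail's or Outlook's code. The domain name, the
PHI flag and the timings are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

UNDO_WINDOW_SECONDS = 30.0               # the upper bound Gmail offers, as cited above
INTERNAL_DOMAIN = "example-clinic.test"  # constructed


@dataclass
class Message:
    msg_id: str
    recipients: List[str]
    body: str
    contains_phi: bool  # set by the sender or an upstream classifier (constructed flag)


@dataclass
class Queued:
    message: Message
    queued_at: float
    state: str = "held"  # held -> cancelled | awaiting_approval | sent | rejected
    reviewer: Optional[str] = None


class OutboundGate:
    """Holds every message for the undo window; PHI bound for an external
    domain then waits for a reviewer instead of going straight out."""

    def __init__(self, undo_window: float = UNDO_WINDOW_SECONDS,
                 internal_domain: str = INTERNAL_DOMAIN) -> None:
        self.undo_window = undo_window
        self.internal_domain = internal_domain.lower()
        self.queue: Dict[str, Queued] = {}

    def submit(self, msg: Message, now: float) -> str:
        self.queue[msg.msg_id] = Queued(msg, now)
        return self.queue[msg.msg_id].state

    def undo(self, msg_id: str, now: float) -> bool:
        """Sender cancels; only possible while still held inside the window."""
        q = self.queue[msg_id]
        if q.state == "held" and now - q.queued_at <= self.undo_window:
            q.state = "cancelled"
            return True
        return False

    def _needs_review(self, msg: Message) -> bool:
        external = [r for r in msg.recipients
                    if not r.lower().endswith("@" + self.internal_domain)]
        return msg.contains_phi and bool(external)

    def tick(self, now: float) -> None:
        """Release messages whose undo window has closed, routing PHI bound
        for external recipients to the approval queue instead of sending."""
        for q in self.queue.values():
            if q.state != "held" or now - q.queued_at <= self.undo_window:
                continue
            q.state = "awaiting_approval" if self._needs_review(q.message) else "sent"

    def review(self, msg_id: str, reviewer: str, approve: bool) -> bool:
        """Reviewer decision on a held message; no-op unless it is awaiting approval."""
        q = self.queue[msg_id]
        if q.state != "awaiting_approval":
            return False
        q.reviewer = reviewer
        q.state = "sent" if approve else "rejected"
        return True

    def states(self) -> Dict[str, str]:
        return {msg_id: q.state for msg_id, q in self.queue.items()}


def demo() -> Dict[str, str]:
    """Four constructed messages submitted at t=0 and driven through the gate."""
    gate = OutboundGate()
    gate.submit(Message("m1", ["nurse@example-clinic.test"], "lab results", True), now=0.0)
    gate.submit(Message("m2", ["wrong.person@mail.test"], "lab results", True), now=0.0)
    gate.submit(Message("m3", ["patient@mail.test"], "appointment reminder", False), now=0.0)
    gate.submit(Message("m4", ["referral@partner-clinic.test"], "referral letter", True), now=0.0)

    gate.undo("m3", now=10.0)  # sender spots a wrong address within the window
    gate.tick(now=31.0)        # window closes for everything still held
    gate.undo("m1", now=35.0)  # too late: window closed, already released

    gate.review("m2", "compliance@example-clinic.test", approve=False)  # misdirected
    gate.review("m4", "compliance@example-clinic.test", approve=True)   # legitimate
    return gate.states()


if __name__ == "__main__":
    for msg_id, state in demo().items():
        print(msg_id, state)
```

The two controls complement each other: the undo window catches the mistake the sender notices immediately, while the review queue catches the one nobody noticed, and neither depends on reaching the recipient's mailbox or secure reader after the fact.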