The Iowa DHS case exemplifies the potential pitfalls of relying on inadequate encryption solutions like Virtru. Organizations looking to safeguard their communications should consider switching to Paubox instead.
DHS transitioned from Microsoft Outlook to Google Mail in December 2016, incorporating Virtru for email encryption. Following the switch back to Outlook in 2018, DHS encountered decryption issues, rendering 432,000 emails inaccessible. Despite efforts, only a fraction of these emails were successfully decrypted, with many showing errors altering their content.
Furthermore, attorney Roxanne Conlin argues that DHS's encryption-related email loss prevents fair legal proceedings, stating, “If we cannot get access to emails of the investigator communicating with his supervisor – and, obviously, the supervisor communicating with her supervisor – how in the world can we prove what we need to prove… By encrypting these emails and then being unable to decrypt them, they have prevented us from having a fair chance in court.”
Ultimately, the lost emails obstructed legal processes and raised concerns about data accessibility, transparency, and the overall effectiveness of Virtru's encryption system.
As demonstrated by the Iowa DHS case, losing access to encrypted emails can severely disrupt operations and impede legal processes. Furthermore, users may find a software transition cumbersome, with a high risk of data loss that can be costly and time-consuming to resolve.
Many users find Virtru’s interface less intuitive than other solutions, requiring training and support, adding to the overall costs and complexities.
More specifically, a Virtru user on G2 Reviews states, “There are occasions when encrypted messages do not send. I either wait for an extended period of time for an encrypted message to send, find a message that I thought had sent in my drafts, or I restart Outlook and try again. The arrangement to encrypt previous messages in an email chain does not provide ease for the included parties to confirm earlier discussion/details without going back through their inbox and finding the original message.”
The Iowa DHS case revealed that Virtru’s encryption processes could cause inaccessible communications, especially in regulated industries.
These encryption reliability issues can jeopardize an organization’s HIPAA compliance, potentially resulting in severe fines and legal challenges.
Users report technical issues with Virtru’s software, including integration and compatibility problems with other systems. These issues can disrupt daily operations and reduce efficiency.
Brown University explains, “Virtru remembers the setting from the last email you sent. If you send an encrypted email, the Virtru slider will be toggled on for your next email. Likewise, if you send an unencrypted email, the Virtru slider will be toggled off for your next email.”
If a user forgets to manually adjust the Virtru slider, they might inadvertently send an unencrypted email that should have been encrypted, increasing the risk of exposing protected health information (PHI).
It also adds an extra step to the email-sending process, requiring users to be constantly vigilant about the status of the Virtru slider, which can disrupt workflow and lead to errors, especially in a fast-paced work environment.
According to a user review, when only a subset of users within an organization can use Virtru for sending sensitive data, it creates several challenges, requiring “extra communications and effort [so others] could receive a message from an internal person...”
So, recipients not accustomed to using Virtru may struggle with the additional steps, which can cause confusion and potential delays in message retrieval.
Additionally, it fragments the email process as not all employees are uniformly equipped to handle encrypted communications, leading to inconsistencies in how sensitive data is managed and shared across the organization.
Ultimately, Virtru complicates internal workflows and risks sensitive information being mishandled, which can lead to HIPAA violations.
Virtru’s pricing is higher than that of other encryption solutions, affecting smaller organizations with limited budgets. As another Virtru user states, “The cost is steep, especially for a nonprofit organization…”
Paubox offers integration with existing email systems, eliminating additional portals or logins. It automatically encrypts all outgoing emails, ensuring data security without added complexity. So, its user-friendly approach ensures that secure communications are as straightforward as regular emails.
A seasoned Paubox user states, “We were able to implement a HIPAA-grade email encryption system for all outgoing emails and have zero training (actually, we called it un-training) for our end-users and no hassle for the users or the person receiving emails from them. All that and 100% of outbound emails are encrypted. I don't have to worry about a user forgetting to encrypt, ensuring all the rules I need to catch potential HIPAA data are written and working.”
Paubox is compatible with various email platforms like Gmail, Microsoft Outlook, Office 365, and other SMTP-based email services, supporting operational continuity and improving workflow.
For those transitioning to Paubox, whether from traditional email encryption methods or other platforms, the experience is streamlined, preserving data accessibility and ensuring secure communications.
Paubox uses advanced security measures like encryption, two-factor authentication, and access controls, mitigating the risk of potential data breaches and costly HIPAA violations.
Furthermore, adhering to HIPAA standards helps providers protect patient privacy, promoting a trusting patient-provider relationship.
Paubox sends emails directly from the sender’s address, maintaining trust, and reducing the risk of emails being flagged as spam, improving communication and strengthening recipient relationships.
A mental health professional states, “I like that Paubox is secure, and I don't have to send email that requires a security code to open it. I receive secure emails from other clinicians who send passwords with their emails. Having the simplicity of sending emails without passwords and having clients not have to go through the hassle of dealing with a password to open my email is helpful and refreshing.”
Additionally, the review states “Paubox now offers the option for creating electronic forms. My clients can fill out forms online securely and send them securely to me without having to print, fill out, and send back. Paubox offers this as a free service with their basic service.”
Paubox offers a more affordable solution than Virtru, making it ideal for small organizations with limited budgets. Unlike Virtru, which can involve higher costs due to its complex integrations and additional software requirements, Paubox provides an all-in-one platform to reduce administrative support and training, cutting down on overall expenses.
Furthermore, the automatic encryption and built-in HIPAA compliance features are included at no extra cost, ensuring that even small organizations can maintain secure communications without breaking the bank.
Ultimately, its cost-effective, user-friendly approach makes Paubox the perfect choice for small businesses seeking reliable and affordable email security.
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).
HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
Providers and other covered entities must use a HIPAA compliant platform, like Paubox, which offers encryption, authentication measures, and access controls to protect patients’ protected health information (PHI) and prevent potential data breaches.