Important: HIPAApropriateness reviews, including their summaries, are for informational purposes only. They are neither consultation nor legal advice. Be aware that while we do our best to be thorough and complete, information may be missing or possibly even inaccurate. Products also change quickly, and the review may become out of date. By continuing to read, you agree to use the information in HIPAApropriateness reviews and their summaries at your own risk.

Vital Stats

HIPAA compliance with this product appears possible?: Yes.
Recommend for your HIPAA risk management needs?: Maybe. The cost of this product is not a cost effective solution for small group practices or individuals. This product typically services large organizations such as hospitals. We are not providing usage notes, since we are not recommending this as viable solution for our audience.
# of Caveats: 0 view caveats→
# of Usage Notes: 0 view notes→

Relevant Product Characteristics

  • This product does not appear to have been designed specifically with healthcare in mind. Note that many products that are useful and appropriate for health care professionals are not designed specifically with health care in mind.
  • The features and/or settings for this product are different for health care customers as compared to general customers.
    • Often this means the product adjusts for health care customers in order to meet HIPAA requirements, and/or to offer features that are only useable by health care practices (e.g. Square only allows health care customers to run HSA and FSA cards.)

What Is This Product?

 Virtru for Google adds encryption, access control, and data loss prevention to your GSuite account — making it possible to have encrypted email integrated with your Gmail account.

The convenience of having secure email integrated with your regular HIPAA secure GSuite email comes at a high cost though, as there is an expensive “HIPAA compliant” account premium charged annually — above and beyond the monthly user fee. This product is likely cost prohibitive for the majority of solo and small group practices, and is better suited to medium to large group practices.

It is worth reiterating that there is a difference between what we refer to as HIPAA secure email (a BAA is in place) and secure (encrypted) email; for more details about the distinction between the two, please see our article on email and HIPAA compliance; for an explanation of the utility and benefits of secure email, please see our article on the case for using secure email.


Caveats are criticsms of the company or product that we feel are relevant to your risk management or other important considerations.



Notes cover points where the product can’t ensure compliance or ethical action for you. These help you know what your part of the compliance puzzle looks like when using this product. A high note count usually correlates with a feature-rich product, and not necessarily with a product that has problems.



Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss