Decrypted | Insights from Virtru to Unlock New Ideas

Virtru vs. Paubox: HIPAA Email Encryption Comparison

Written by Editorial Team | Jul 15, 2024 4:16:55 PM

If you’re looking for an email encryption solution, you’ll find no shortage of vendors out there. But the devil is in the details: Not all email encryption is created equal — and these solutions vary widely in their strength and versatility. 

In this post, we’ll break down some of the key differences between Paubox Email Suite and Virtru Email Encryption — and how these solutions vary significantly in the capabilities they deliver. 

Virtru: Email and File Encryption that Travels with the Data, Forever 

Whereas some encryption solutions only protect data on its way to its destination, Virtru security stays with the data even after it reaches its destination — and lets you revoke or change access permissions at any time. 

Virtru is fast to deploy, easy to use, and supports the world’s strictest compliance regulations, including HIPAA, ITAR, CMMC, CJIS, and GLBA. Virtru can be deployed across your team in minutes, whether you use Gmail, Outlook, or both.

Because it’s deployed as a Chrome browser extension or an Outlook add-in, it’s remarkably simple for admins to get Virtru up and running. Virtru does not require you to stand up an email gateway, but it does offer a gateway option if you want to apply a layer of automated security for server-side protection that’s invisible to the user — or if you want to protect the data that moves in and out of other SaaS apps like Salesforce. 

Virtru Encryption Method: End-to-End Encryption at the Object Level, Client-Side or Server-Side

Virtru applies end-to-end encryption to data, meaning that your sensitive information is protected from the moment it’s created or uploaded, through transit, and at rest at its destination. This is more comprehensive protection than TLS (transport layer security), which only protects data in transit, not at rest once it has arrived at its destination. Whereas TLS provides a secure “tunnel” through which data can travel safely to its destination, it does not provide any protection for the data once it arrives in the recipient’s inbox. Once the email has left your network, it’s gone. 

Thanks to Virtru’s technology, built on the Trusted Data Format, your encrypted information remains fully under your control, even after it’s left your organization. You can revoke or change access permissions any time you choose — so if, for example, a nurse accidentally emails a medical record to the wrong person, the nurse or an admin can revoke access immediately to protect your patient’s privacy. 

Virtru’s email plugins apply client-side encryption, meaning that the encryption happens in the email client, rather than when it hits your server. Virtru encryption is also applied at the object level, protecting every email and file with its own distinct “wrapper” of protection and access control that stays with the data through its entire life cycle. 


Virtru Features: DLP, Flexible Key Management, Large File Transfer, FedRAMP-Authorized  


Virtru provides several advanced features for email encryption, including: 

  • Revoke email and file access at any time (especially valuable if an email is sent to the wrong person).
  • Set expiration date (e.g., make an email or file available for 1 week).
  • Prevent forwarding and restrict downloading with persistent protection.
  • Custom branding, allowing you to put your own logo and branding on the recipient email experience, reducing any confusion for patients, customers, and external partners. 
  • Flexible encryption key management (host your keys on-premises or in a public or private cloud with Virtru Private Keystore for advanced control and compliance).
  • FedRAMP-authorized encryption technology for compliance with the world’s strictest regulations. Virtru’s Data Security Platform is also FIPS 140-2 compliant.
  • HITRUST equivalent security: While Virtru is not HITRUST Certified, its data security practices are tightly aligned with HITRUST standards, as HITRUST bases its requirements on the NIST SP 800-53 controls required for FedRAMP authorization. More details can be found in the Virtru Trust Center.  
  • Large file transfer up to 15 GB with Virtru Secure Share, which can be used in any browser.

Virtru Customer Base: All Sizes and Industries

Virtru serves more than 6,700 customers around the world, from the world’s largest banks to small medical practices, from federal government agencies to rural K-12 schools. Customers choose Virtru because it blends ease of use with powerful security that fits a wide range of data sharing scenarios. Admins love it because it’s fast to deploy, intuitive for users and recipients alike, and requires minimal support. 

Paubox: TLS Encryption Gateway for All Email Traffic 

Paubox encryption is designed specifically for HIPAA compliance, and is most frequently used by small to midsize healthcare organizations. HIPAA is one of the more lightweight compliance requirements when compared to others like ITAR, CMMC, and GLBA, though it does require a Business Associate Agreement.

Paubox Encryption Method: Transport Layer Security (TLS), Server-Side Gateway

Paubox is deployed as an email gateway, which encrypts all outbound email with TLS (transport layer security), regardless of the email's contents. This protects information in transit to its destination, but does not provide any encryption at rest once the emails or files reach their destination. Paubox encrypts all outgoing email and does not provide DLP (data loss prevention) rules. 

Paubox is popular because of the user experience when both the sender’s and the recipient’s email clients support TLS encryption. In these cases, a HIPAA-compliant email can be sent and received without any action required from the sender or recipient — so the user experience looks much like any standard email. 

However, when the recipient’s email client does not support TLS, they will have a different experience: They will receive a Paubox-branded email that requires the user to click through to view their message, as shown below. 

Paubox Features: HIPAA Forms, HITRUST Certified

As mentioned above, Paubox focuses on HIPAA compliance, so its features are geared toward healthcare organizations. Paubox features include: 

  • TLS encryption for emails in transit 
  • HIPAA compliant forms for websites
  • HIPAA compliant texting for SMS appointment reminders  
  • HITRUST certification to demonstrate HIPAA compliance 
  • Low cost for small businesses on a budget

Paubox Customer Base: Small to Midsize Healthcare Practices

The Paubox customer base is predominantly small to midsize healthcare practices, like doctor’s offices and dental practices. For larger organizations with varied departments and data security needs, the automatic encryption of all outgoing mail with Paubox will likely become a challenge.

For smaller healthcare practices that want to check the box for HIPAA compliant email and save money, this may be a good option. However, organizations with larger scale, or organizations in need of stronger control and reassurance for files shared externally with patients and partners, may find Paubox's basic features lacking. 

Virtru vs. Paubox: Head to Head Comparison

The following chart breaks down the features of Virtru vs. Paubox for email and file security. 

Features compared (chart columns: Virtru, Paubox):

  • HIPAA Compliant
  • BAA Provided
  • Integration with Outlook and Gmail
  • Deploy Without Setting Up a Gateway
  • End-to-End Encryption
  • Encryption In Transit
  • Encryption at Rest (after delivery)
  • Client-Side Encryption
  • Server-Side Encryption
  • Data Loss Prevention (DLP)
  • Persistent Access Control
  • Revoke Emails and Attachments
  • Watermarking
  • Expiration Date
  • Custom Branding
  • HITRUST Certification (Virtru: Equivalent)
  • FedRAMP Authorized
  • Secure File Transfer
  • HIPAA Forms (Virtru: Form Collection with Virtru Secure Share)
  • Flexible Key Management (SaaS or Self-Hosted)
  • Support for additional compliance regulations (ITAR, CJIS, CMMC, GLBA, PCI, etc.)
  • Advanced Customer Support

Choosing the Best HIPAA Email Software for Your Business

Both Virtru and Paubox provide affordable email encryption for HIPAA compliance, with BAAs provided. Because Virtru delivers more robust security capabilities than Paubox, Virtru is more expensive — but it delivers on ROI with fast, simple deployment; world-class support; and a product that is remarkably simple to use while providing true end-to-end encryption and persistent control over your data, even after it’s left your organization.

If you’ve ever had an employee accidentally send patient PII or PHI to the wrong person, you know how valuable it is to be able to revoke an email that was sent in error. Virtru gives you that peace of mind, so you can maintain trust and persistent control over your organization's data. 

Want to explore Virtru for HIPAA email encryption and access control? Contact our team for a demo. We’d love to show you why hundreds of organizations choose Virtru for HIPAA compliance.