VeraCrypt may not be HIPAA compliant. If it isn't, this encryption tool shouldn’t be used for protected health information (PHI).
VeraCrypt’s encryption hasn't been fully compatible with all types of computers, such as certain types of PCs. Additionally, it’s designed to be used on single devices. For HIPAA compliance, it’s best to have a centralized encryption system with administrative features that include remote access and remote encryption capabilities.
Information about VeraCrypt’s HIPAA-compliance effort is limited, so covered entities may want to consider choosing a commercial encryption service instead.