Health Insurance Portability & Accountability Act
(HIPAA)
The HIPAA Security, Privacy and Breach Notification Rules focus on the protection of patient healthcare data. The Security Rule outlines specific Physical, Administrative and Technical Safeguards for electronic PHI (ePHI).
Electronic Protected Health Information (ePHI) covers 18 types of information, including patient names, addresses, social security numbers, email addresses, medical records, payment information and more.
U.S. & Global – All Covered Entities (Healthcare Providers, Health Plans, and Healthcare Clearinghouses) and their Business Associates that perform activities involving the use or disclosure of PHI.
Notification to HHS Secretary, All Affected Individuals, and Media Outlets in some cases.
Audits, Investigations, Significant Fines (Up to $1.5 million in fines per year), and possible Criminal Penalties.
HIPAA Requirements
Encryption Discussion
WinMagic Solution
Section 164.312, Technical Safeguards, 164.312 (a): Access Control
Section 164.312, Technical Safeguards, 164.213 (b): Audit Controls
Section 164.312, Technical Safeguards, 164.213 (d): Authentication
HIPAA specifically recommends the use of encryption, audit controls and authentication:
SecureDoc Enterprise strengthens compliance with Technical Safeguard requirements by enforcing encryption, access controls and authentication.
SecureDoc Full Disk Encryption's advanced cryptographic engine is FIPS 140-2 validated, consistent with NIST 800-111.
Guide to Render Unsecured PHI Unusable, Unreadable, or Indecipherable to Unauthorized Individuals
This Guide outlines requirements for encryption of data-at-rest. Essentially, if encrypted devices are lost or stolen, without access to a confidential process or key, they are not subject to breach notification. It also requires that encryption be consistent with NIST 800-111.
SecureDoc significantly reduces the threat of a data breach with robust encryption and secure key management to ensure that confidential data and the keys to decrypt that data are protected – reducing the burden and costs associated with breach notification.
Guidance on HIPAA and Cloud Computing
If the ePHI is encrypted, but not at a level that meets HIPAA standards or the decryption key was also breached, then the incident must be reported…
SecureDoc CloudVM provides enterprise-controlled encryption and key management to protect against data breaches in the Cloud.