Health Insurance Portability & Accountability Act

(HIPAA)

 

Title Green Bar Focus

HIPAA Security, Privacy and Breach Notification Rules focus on the protection of patient healthcare data. Security Rule outlines specific Physical, Administrative and Technical Safeguards for electronic PHI (ePHI).

 
 
 

Title Green Bar Data

Electronic Protected Health Information (ePHI) lists 18 types of information, including patient names, addresses, social security numbers, email addresses, medical records, payment information and more.
 
 
 

Title Green Bar Scope

U.S. & Global – All Covered Entities (Healthcare Providers, Health Plans, and Healthcare Clearinghouses) and their Business Associates that perform activities involving the use or disclosure of PHI.
 
 

Title Green Bar Breach

Notification to HHS Secretary, All Affected Individuals, and Media Outlets in some cases.
 
 

Title Green Bar Non-Compliance

Audits, Investigations, Significant Fines (Up to $1.5 million in fines per year), and possible Criminal Penalties.
 
 
Title Green Bar  HIPAA Requirements Title Green Bar  Encryption Discussion Title Green Bar  WinMagic Solution

Section 164.312

Technical Safeguards
164.312 (a)

Access Control
horizontalline green

Section 164.312

Technical Safeguards
164.213 (b)

Audit Controls
horizontalline green

Section 164.312

Technical Safeguards
164.213 (d)

Authentication

HIPAA specifically recommends the use of encryption, audit controls and authentication:

  • Implement a mechanism to encrypt and decrypt ePHI
    [164.312 (a)(1)]

  • Implement hardware, software and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI
    [164.213 (b)]

  • Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed
    [164.213 (d)]

SecureDoc Enterprise strengthens compliance with Technical Safeguard requirements by enforcing encryption, access controls and authentication.

SecureDoc Full Disk Encryption advanced cryptographic engine is FIPS 140-2 validated, consistent with NIST 800-111.

Guide to Render Unsecured PHI Unusable, Unreadable, or Indecipherable to Unauthorized Individuals

This Guide outlines requirements for encryption of data-at-rest. Essentially, if encrypted devices are lost or stolen, without access to a confidential process or key, they are not subject to breach notification. It also requires that encryption be consistent with NIST 800-111 SecureDoc significantly reduces the threat of a data breach with robust encryption and secure key management to ensure that confidential data and the keys to decrypt that data are protected – reducing the burden and costs
associated with breach notification.
Guidance on HIPAA and Cloud Computing If the ePHI is encrypted, but not at a level that meets HIPAA standards or the decryption key was also breached, then the incident must be reported… SecureDoc CloudVM provides enterprisecontrolled encryption and key management to protect against data breaches in the Cloud.