Focus
HIPAA Security, Privacy and Breach Notification Rules focus on the protection of patient healthcare data. Security Rule outlines specific Physical, Administrative and Technical Safeguards for electronic PHI (ePHI). |
Data
Electronic Protected Health Information (ePHI) lists 18 types of information, including patient names, addresses, social security numbers, email addresses, medical records, payment information and more. |
Scope
U.S. & Global – All Covered Entities (Healthcare Providers, Health Plans, and Healthcare Clearinghouses) and their Business Associates that perform activities involving the use or disclosure of PHI. |
Breach
Notification to HHS Secretary, All Affected Individuals, and Media Outlets in some cases. |
Non-Compliance
Audits, Investigations, Significant Fines (Up to $1.5 million in fines per year), and possible Criminal Penalties. |
![]() |
![]() |
![]() |
Section 164.312 Section 164.312 Section 164.312 |
HIPAA specifically recommends the use of encryption, audit controls and authentication:
|
SecureDoc Enterprise strengthens compliance with Technical Safeguard requirements by enforcing encryption, access controls and authentication. SecureDoc Full Disk Encryption advanced cryptographic engine is FIPS 140-2 validated, consistent with NIST 800-111. |
Guide to Render Unsecured PHI Unusable, Unreadable, or Indecipherable to Unauthorized Individuals |
This Guide outlines requirements for encryption of data-at-rest. Essentially, if encrypted devices are lost or stolen, without access to a confidential process or key, they are not subject to breach notification. It also requires that encryption be consistent with NIST 800-111 | SecureDoc significantly reduces the threat of a data breach with robust encryption and secure key management to ensure that confidential data and the keys to decrypt that data are protected – reducing the burden and costs associated with breach notification. |
Guidance on HIPAA and Cloud Computing | If the ePHI is encrypted, but not at a level that meets HIPAA standards or the decryption key was also breached, then the incident must be reported… | SecureDoc CloudVM provides enterprisecontrolled encryption and key management to protect against data breaches in the Cloud. |