HIPAA
The HIPAA Security Rule requires healthcare organizations to use appropriate safeguards to ensure that electronic protected health information (ePHI) remains secure, and the HITECH Act, which expands the HIPAA encryption compliance requirement set, requires the timely disclosure of data breaches.
For many healthcare organizations, one of the most daunting provisions of complying with HIPAA and HITECH has been adhering to The Privacy Rule. Applying encryption solutions that protect patient data from all but a defined set of uses – and within the proscribed EDI sets – has proven to be a significant IT challenge. An effective implementation must not only be secure and adhere to these transaction standards but must also be manageable within the company’s IT framework.
Thales solutions help organizations meet these compliance challenges by implementing technical safeguards for ePHI through:
- Encryption of data wherever it resides
- Encryption and key management
- Data access controls
- Regulation
- Compliance
The US Health Insurance Portability and Accountability Act (HIPAA)
The HIPAA Security Rule requires covered entities to implement technical safeguards to protect all electronic protected healthcare information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring of ePHI information. The HIPAA Security Rule enumerates examples of encryption methods that covered entities can employ, along with the factors to consider when implementing a HIPAA encryption strategy.
Health Information Technology for Economic and Clinical Health (HITECH) Act
Enacted as a part of the American Recovery and Reinvestment Act (ARRA) of 2009, the HITECH Act expands the HIPAA encryption compliance requirement set, requiring the disclosure of data breaches of “unprotected” (unencrypted) personal health records, including those by business associates, vendors and related entities.
HIPAA Omnibus Rule of 2013
The “HIPAA Omnibus Rule” of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule.
Encryption of ePHI
Vormetric Transparent Encryption provides file and volume level data-at-rest encryption to protect ePHI from unauthorized access. Vormetric Application Encryption adds another layer of security and HIPAA/HITECH compliance capabilities, enabling organizations to easily build HIPAA/HITECH encryption capabilities into internal applications at the field and column level.
Strong Key Management
Vormetric Key Management provides the integrated, secure encryption key management that meets HIPAA encryption requirements to separate keys and encrypted data. This solution enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.
Data Access Controls
Vormetric Data Security Platform access controls extend data breach protection by limiting data access to authorized personnel and programs. In addition, the Platform’s data access monitoring generates the security intelligence information required to identify accounts that represent a threat because of a malicious insider or malware-compromised account credentials.
High Speed Encryption Solutions - Solution Brief
Networks are under constant attack and sensitive assets continue to be exposed. More than ever, leveraging encryption is a vital mandate for addressing threats to data as it crosses networks. Thales High Speed Encryption solutions provide customers with a single platform to ...
Download
Pure Storage and Thales Delivering secure & efficient storage - Solution Brief
In today’s reality of enterprise digital transformation, the exploding volume of data being created and utilized is increasing demands on every organization’s ability to control storage costs, expand capacity, and maintain or increase agility. Flash storage has transformed...
Download
Advanced data protection for AWS S3 with Vormetric Transparent Encryption (VTE) - Solution Brief
Amazon Web Services (AWS) Simple Storage Service (S3), one of the leading cloud storage solutions, is used by companies all over the world to power their IT operations for a variety of usecases. AWS S3 buckets have become one of the most commonly used cloud storage...
Download
Enterprise Key Management Solutions - Solution Brief
Discover how organizations can centrally manage keys for third-party devices including Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products.
Download
TDE Key Management - Solution Brief
Microsoft SQL Server and Oracle Database solutions provide native transparent database encryption (TDE) that protects the data stored in their customers’ enterprise and cloud-hosted databases. And, as with any encryption-based security scheme, securing and managing the...
DownloadOther key data protection and security regulations
GDPR
Regulation
Active Now
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.
PCI DSS
Mandate
Active Now
Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data Breach Notification Laws
Regulation
Active Now
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.
Contact a Compliance Specialist
Are you fit for GDPR
