HIPAA | HITECH Data Security Compliance

Comply with HIPAA and HITECH requirements provisions to encrypt electronic patient health information

Americas Map

Regulation

Active now

HIPAA

The HIPAA Security Rule requires healthcare organizations to use appropriate safeguards to ensure that electronic protected health information (ePHI) remains secure while the HITECH Act, which expands the HIPAA encryption compliance requirement set, requires the timely disclosure of data breaches.

Thales eSecurity provides solutions to help implement technical safeguards for ePHI through:

  • Encryption of data wherever it resides;
  • Encryption and key management;
  • Data access controls.
The US Health Insurance Portability and Accountability Act (HIPAA)

The HIPAA Security Rule requires covered entities to implement technical safeguards to protect all electronic protected healthcare information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring of ePHI information. The HIPAA Security Rule enumerates examples of encryption methods that covered entities can employ, along with the factors to consider when implementing a HIPAA encryption strategy.

Health Information Technology for Economic and Clinical Health (HITECH) Act

Enacted as a part of the American Recovery and Reinvestment Act (ARRA) of 2009, the HITECH Act expands the HIPAA encryption compliance requirement set, requiring the disclosure of data breaches of “unprotected” (unencrypted) personal health records, including those by business associates, vendors and related entities.

HIPAA Omnibus Rule of 2013

The “HIPAA Omnibus Rule” of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule.

Encryption of ePHI

Vormetric Transparent Encryption provides file and volume level data-at-rest encryption to protect ePHI from unauthorized access. Vormetric Application Encryption adds another layer of security and HIPAA/HITECH compliance capabilities, enabling organizations to easily build HIPAA/HITECH encryption capabilities into internal applications at the field and column level.

Strong Key Management

Vormetric Key Management provides the integrated, secure encryption key management that meets HIPAA encryption requirements to separate keys and encrypted data. This solution enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Data Access Controls

Vormetric Data Security Platform access controls extend data breach protection by limiting data access to authorized personnel and programs. In addition, the Platform’s data access monitoring generates the security intelligence information required to identify accounts that represent a threat because of a malicious insider or malware-compromised account credentials.

Solution Briefs : Vormetric Transparent Encryption

Vormetric Transparent Encryption delivers data-at-rest encryption, privileged user access controls and security intelligence logs to proactively meet compliance reporting requirements for structured databases and unstructured files....

Download

eBooks : HIPAA compliance and data encryption: it’s time to go beyond addressable

The Healthcare Insurance Portability and Accountability Act (HIPAA) calls for the use of data encryption, but doesn’t mandate it. Given the massive changes in computing and the threat landscape in the 20 years since HIPAA went into effect, it’s time to make patient data protection a top priority. This eBook highlights the security and compliance benefits that result from implementing data encryption, and details why it is a necessary protection measure for any organization that processes patient information.

Download

Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail

Mandate

Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More

HIPAA

Americas Map Thumbnail

Regulation

Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More

SOX

Americas Map Thumbnail

Regulation

Active now

United States Federal Law setting standards for a range of US companies, SOX Act sections 302 and 404 relate directly to data protection.

Learn More
コンプライアンスの専門家に相談する 問い合わせ
GDPRに対応できていますか タレスによる対応状況評価を今すぐ受ける
コンプライアンスおよび規制に関するソリューションハンドブックを読む eBookを読む

Related Solutions

GDPR

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.

Learn More

EPCS

EPCS revises DEA’s regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically as well as receiving, dispensing and archiving electronic prescriptions. The electronic prescription application must incorporate a secure process for practitioner authentication.

Learn More
Thales eSecurity is our standard. Whenever an encryption solution is needed, the answer is always, ‘let’s start with Thales eSecurity. Damian McDonaldVice President of Global Information Security, Becton, Dickinson and Company
My concern with encryption was the overhead on user and application performance. With Thales eSecurity, people have no idea it’s even running. Karl MudraCIO
Delta Dental of Missouri
インタラクティブなデモを閲覧する デモ
ライブデモの申し込み デモの申し込み
スペシャリストへのコンタクト お問い合わせ