
The countdown officially begins today for HIPAA Omnibus Rule Compliance, which includes important changes in the way the Department of Health and Human Services (HHS) handles breach penalties.
The new rules not only extend security and privacy requirements to business associates and contractors (such as billing companies and those that perform services on behalf of a health care provider), but they also give HHS greater discretion to impose substantial penalties, which in turn gives the agency increased leverage to obtain six- and seven-figure settlements to resolve potential penalty proceedings.
The rules go into effect today, but organizations have until September 23, 2013 to comply. Heed the warnings; don’t wait until it’s too late.
Encryption and key management both play a key role in achieving HIPAA compliance. They render electronic protected health information (ePHI) unusable, unreadable, or indecipherable to unauthorized individuals. In the event of a data breach, encryption can help organizations protect sensitive PHI and may enable them to claim “Safe Harbor.”
Gazzang zNcrypt for Health Care™ can be applied easily, quickly, and economically as a solution for data privacy and security requirements defined within HIPAA and HITECH. Through AES-256 encryption, advanced key management, and process-based access controls, zNcrypt provides transparent data encryption for any database or application running on Linux, including big data environments.
Additionally, Gazzang zTrustee™ protects the Gazzang cryptographic keys with several layers of advanced techniques to ensure the key is only accessible by authorized parties.
For more information, check out our HIPAA and HITECH Compliance Guide.
The HIPAA and HITECH regulations were put in place to protect personal health record information from fraud and abuse. Over the past several years, more than 20 million patients have had their medical information exposed in data security breaches, even with HIPAA and HITECH regulations already being in place. This paper will document how Gazzang zNcrypt™ and Gazzang zTrustee™ can help organizations that store HIPAA data maintain a secure and compliant posture through robust encryption and key management.
Of the many government and industry regulations out there, HIPAA is the one I have been hearing the most about lately. Many of the recent discussions I’ve participated in have revolved around the strict data breach notification requirements listed in section 13402(e)(4) of the HITECH Act. Central to these conversations has been the safe harbor language, which provides a way to legally avoid this notification process.
The HIPAA regulations state that if there is a data breach affecting more than 500 records, then the entity must notify the individuals affected, the Department of Health and Human Services (HHS), and major media outlets. Beyond the immediate monetary cost, you also must deal with the damage to the company’s reputation and the public relations costs required to remedy it. Besides your COMPANY’S reputation, you also have your OWN reputation to worry about. Will this be an unwritten entry on your resume for years to come?
Interestingly, there is a loophole that can allow you to skip the entire notification process. What is this loophole, you ask? It’s called the Safe Harbor provision and can be easily found in section 216 of the regulation. It states that if your data is encrypted using the standards set forth in National Institute of Standards and Technology (NIST) Special Publication 800-111, then the data is considered unreadable and unusable, and therefore you are NOT required to notify anyone of the breach.
Fortunately, you don’t have to design your own encryption solution. Gazzang has taken care of that for you. Gazzang has created a high-performance, transparent encryption solution that can encrypt virtually anything running on the Linux platform, coupled with a state-of-the-art key management solution. We stringently followed the NIST guidelines when creating our enterprise-ready encryption solution. We use the AES encryption algorithms recommended by NIST, together with a key management solution that stores the keys on a remote server, either inside your firewall or in our remote, cloud-based Key Storage Server. Amazingly, system performance degradation is nearly always less than 1%, the implementation is very straightforward, and the cost is very reasonable, much less than developing your own solution from scratch.
echoBase recently released a new solution for doctors’ offices that provides physicians the mobile platform they have been clamoring for. It provides mobile access to EMR, PM, Imaging, ePrescribe, and other clinical systems. All of the patient health information is protected by Gazzang’s encryption solution.
In conclusion, the notification requirements contained in the HIPAA regulations can be costly in monetary terms, and they can scar both the reputation of your company and your own personal, professional reputation. If there is a way to avoid these nightmares, don’t you think it’s worth an investigation? Why don’t you contact us today at sales@gazzang.com and let us show you how we can help.