HIPAA Compliance | HITECH Compliance | HyTrust

HIPAA and HITECH Compliance

HIPAA and HITECH Compliance and Protecting ePHI

Encryption and Administrative Controls are Key

HIPAA (the Health Insurance Portability and Accountability Act) and the follow-on HITECH (Health Information Technology for Economic and Clinical Health) Act are, broadly speaking, a set of rules designed to protect the confidentiality and integrity of ePHI (electronic protected health information). Any covered entity (CE: insurance companies, healthcare providers, etc.) is required to take a number of steps to protect this important patient data, including security, administrative and technical measures.

Non-compliance can result in civil or criminal penalties that can reach $1.5M per incident per year. In addition to fines, organizations also face the onerous task of notifying the public in the event of a serious data breach and the resulting loss of reputation.

The loss of a large number of ePHI records in a single incident is the biggest risk healthcare providers face. When data is held within major clinical applications, the controls of the application itself usually offer sufficient protection from mass data exfiltration. However, ePHI is commonly exported to, or available in, other systems with far less protection, and that’s where the risk of large-scale data loss is significant.

Fortunately, the Safe Harbor provision of the HHS HIPAA rules allows covered entities to avoid breach notification if the data is encrypted to an acceptable standard. And obviously, using encryption also means that the data will not be misused if it gets into the wrong hands.

HyTrust DataControl is a transparent data-at-rest encryption solution that satisfies the Safe Harbor provision. With support for virtual machines running Linux or Windows and centralized key management, DataControl is a simple but effective way to drastically lower the risk of a bulk ePHI data breach.

HyTrust also meets HIPAA/HITECH control requirements on virtual infrastructure. As more and more applications are virtualized, the virtual infrastructure supporting those applications also comes into scope for HIPAA and becomes a source of risk.

White Papers

A Practical Guide to HIPAA-compliant Virtualization

Healthcare enterprises have achieved major cost savings,...

Solution Briefs

Can You Be HIPAA/HITECH Compliant in the Cloud?

As more organizations virtualize their clinical and...
