Healthcare – HIPAA & HITECH
Securing PHI and Complying with HITECH
The federal Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to maintain the confidentiality of electronic health information that can be linked to an individual patient (electronic Protected Health Information, or ePHl).
Penalties and criminal enforcement of the HIPAA Security Rules were made stronger via several provisions in The Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The HIPAA Security Rules requires healthcare organization to adopt the appropriate safeguards to protect the confidentiality, integrity and availability of patients’ protected health information.
Encrypting ePHI is an acknowledged best practice for complying with the requirements of the HIPAA Security Rule and providing cloud privacy. To assist physician practices, the AMA has made available its document, “HIPAA Security Rule: Frequently asked questions regarding encryption of personal health information”. This resource explains the importance of encrypting ePHI and provides guidance on determining levels of data sensitivity and recommendations on encryption methods to consider.
ePHI lives on healthcare provider networks in many places, including e-mail systems, CRM systems, customer databases and practice management applications to name a few. Safeguards should be put in place to secure not only this sort of internal information, but also information that is processed and stored on external networks – including cloud based systems. It’s important to understand where this data is stored on internal network so that it can be properly secured. And encryption should be applied to all ePHI information that leaves a healthcare organization’s internal network and travels outside of its firewalls.
Blue Coat is used by healthcare providers to enable their moves to the cloud while protecting their ePHI information.
Only Blue Coat Can Deliver
Strongest Available Cloud Data Control – No data is shared in “the clear” outside of your network; data is secured at the field-level control based on user defined tokenization or encryption options. Enterprise retains full control of the token vault and/or the encryption keys securing the data.
Only Solution That Supports FIPS 140-2 Encryption While Preserving Cloud Functionality – To preserve application functionality, all other vendors require the use of their own proprietary weakened encryption within their platform solution. Close analysis of their modules and associated certifications reveals that non-compliant algorithms unavailable in FIPS-mode are required to encrypt sensitive data when an enterprise needs to preserve critical cloud functionality.
Only Solution with 3rd Party Audited Tokenization Solution – Blue Coat enables organizations to use well documented and proven tokenization techniques to protect information as an alternative to encryption. The tokenization technique deployed within the platform – which is especially useful for data residency and data sovereignty requirements – has been audited and validated against relevant industry standards by CoalFire Inc, a PCI DSS QSA and a FedRAMP 3PAO.
Doesn’t Tie Support of Cloud Application Functionality to the use of Specific Encryption Techniques – Enterprises value flexibility because nothing is as certain as change. Only Blue Coat lets enterprises change the underlying data protection techniques used within the platform over time – at their own discretion – as they see fit. All other alternatives in the marketplace require the use of specific, unproven techniques in order to preserve cloud application functionality.