Meeting Data-at-Rest Discovery and Classification Requirements for HIPAA HITECH Act Compliance
HIPAA legislation requires Health Care providers, Health Plans, Health Care Clearinghouses, and those who carry out tasks on their behalf to handle personal healthcare data responsibly and securely.
Two key pieces of US Federal legislation define security compliance requirements for healthcare providers to protect data at rest:
HIPAA – The US Health Insurance Portability and Accountability act (HIPAA) of 1996. The HIPAA Security Rule requires covered organizations to implement technical safeguards to protect all Electronic Personal Healthcare Information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring of ePHI information. The HIPAA Security Rule then goes on to set out numerous examples of HIPAA encryption methods which can be employed and the factors to consider when implementing and ensuring the success of a HIPPA encryption strategy. It also mandates that breaches of unsecured protected health information are reported.
HITECH – Health Information Technology for Economic and Clinical Health (HITECH) Act - enacted as a part of the American Recovery and Reinvestment Act (ARRA) of 2009. The HITECH act then expands the compliance requirement set, requiring the disclosure of data breaches of "unprotected" (unencrypted) personal health records (PHR), including those by business associates, vendors and related entities. And finally, the "HIPAA Omnibus Rule" of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule.
Spirion provides a solution to help organizations discover, classify, monitor and respond in order to meet HIPAA Security Rule and HITECH compliance requirements transparently - without changes to operational processes and the daily work of healthcare professionals. Spirion provides technical safeguards to automatically identify and classify electronic protected health with an easy-to-deploy, centrally managed solution that integrates with your existing security infrastructure. Spirion's open APIs allow integrations with your existing DLP tools, encryption software, data-archiving and storage solutions offered by leading technology providers such as Symantec, Intel Security and others to help increase the benefits from existing spend on these data security solutions.