Securing PHI and Complying with HITECH

The federal Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to maintain the confidentiality of electronic health information that can be linked to an individual patient (electronic Protected Health Information, or ePHI).
Penalties for, and criminal enforcement of, the HIPAA Security Rule were strengthened by several provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The HIPAA Security Rule requires healthcare organizations to adopt appropriate safeguards to protect the confidentiality, integrity and availability of patients’ protected health information.
Encryption
Encrypting ePHI is an acknowledged best practice for complying with the requirements of the HIPAA Security Rule. To assist physician practices, the AMA has made available its document, “HIPAA Security Rule: Frequently asked questions regarding encryption of personal health information”. This resource explains the importance of encrypting ePHI and provides guidance on determining levels of data sensitivity and recommendations on encryption methods to consider.
ePHI lives on healthcare provider networks in many places, including e-mail systems, CRM systems, customer databases and practice management applications, to name a few. Safeguards should be put in place to secure not only this internal information, but also information that is processed and stored on external networks, including cloud-based systems. It’s important to understand where this data is stored on the internal network so that it can be properly secured. Encryption should be applied to all ePHI that leaves a healthcare organization’s internal network and travels outside of its firewalls.
PerspecSys is used by healthcare providers to enable their moves to the cloud while protecting their ePHI (see how Inland Empire Health Plan is benefiting from this approach).
Only PerspecSys Can Deliver:
- Cloud Data Protection – No data is shared in “the clear” outside of your network control; data is secured with field-level control based on user defined tokenization or encryption options
- Tokenization and Industry Approved “Strong Encryption” – Organizations can select from an array of included tokenization or encryption options or utilize their own encryption approaches
- Full SaaS Application Functionality – Users have complete access to the features and functions of the SaaS application such as searching, reporting, and e-mailing
- Simple Configuration and Deployment – Administrative dashboard allows companies to easily configure their data protection policies and adapters provide connections with popular Cloud-based applications
- Flexibility – The solution is designed to fit with the way organizations want to do business. For example, the Cloud Data Protection gateway can be deployed in a variety of architectural configurations to meet an organization’s specific security needs.
Learn more about the PerspecSys Cloud Data Protection Gateway by visiting our Resource Center.

