US Health Insurance Portability and Accountability Act (HIPAA) | HITECH Data Security

Encryption, Key Management, and Access Controls for organizations to comply with HIPAA Privacy regulations and safeguard PHI data.

Overview

What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) sets the privacy standards for protecting sensitive patient data. As per the HIPAA regulations, healthcare organizations and companies that handle sensitive protected health information (PHI) must have certain processes and security measures in place to handle this data. HIPAA provides the necessary framework that controls who has access to and visibility into the health data and restricting the sharing of this sensitive data.

Health Information Technology for Economic and Clinical Health (HITECH) Act
HITECH Act enacted in 2009 expands the scope of HIPAA bringing business associates and partners and vendors under the scope of HIPAA and holds them liable for compliance.

Challenges with HIPAA compliance

Complying with HIPAA can allow organizations to save millions of dollars that can be lost due to damages and fines levied because of data breaches. With more data and workloads moving to multicloud environments, some of the challenges faced by organizations in complying with HIPAA are:

Access controls – Controlling access to data can be challenging depending upon where the data resides and the systems in use.
Data integrity - Ensuring that the data can be read, modified, and deleted only by the authorized person.
Data transfer - Ability to control how the data is transferred, the methods used, and the approval.

What We Do?

Encryption and Key Management

Fortanix helps enterprises secure their sensitive data and achieve privacy compliance with a cloud-based integrated solution for Tokenization, Key Management and Encryption.

Transparent database encryption

Fortanix integrates with native database encryption to manage and store the cryptographic keys required to encrypt all your databases including Oracle, MS SQL Server, MongoDB, PostgreSQL, MySQL, Maria DB, IBM DB2, and more.

Confidential Computing

Confidential computing protects data and applications by running them in secure enclaves that isolate the data and code to prevent unauthorized access, even when the compute infrastructure is compromised.

Featured Resource

EBook: Data Privacy in Public Cloud

In a way, the challenges related to data privacy in the public cloud are like an exponential of an exponential. The use of private data is growing exponentially. The proportion of that data held in the public cloud is expected to double between 2018 and 2025. There has been an explosion in activity from data privacy regulators, increasing the cost of leaving data unprotected.

Learn More

How Fortanix can help meet HIPAA compliance?

Fine-grained access controls for users and data

Only the authorized person is given access to the encryption keys of the sensitive data and only for a specified duration of the business case.

Tamper proof audit logging

All access to personal data is automatically logged in a centrally viewable tamper-proof global audit trail by Fortanix. There is never any dispute about who accessed which data and when.

Tokenize PHI data

Comply with HIPAA regulations by substituting electronically protected health information (ePHI) and non-public personal information (NPPI) using a tokenized value.

Cryptographically enforced policy and auditing

Fortanix manages and enforces security policies including identity verification, data access control, and attestation to ensure the integrity and confidentiality of data, code, and applications. Using these policies, businesses can implement geo-fencing, and compute affinity to support data regulation policies such as HIPAA.

CISOs, CROs, and compliance leaders need to realize that there is no safe harbor for HIPAA compliance and cloud services. Moving protected health information into the cloud requires due diligence, defensible decision making, and the acceptance of risk.

Gartner Security of HIPAA data in cloud is still your responsibility