Enabling Privacy Compliance with HIPAA and HITECH Acts
While HIPAA Security and Privacy Regulations have been finalized for years, until recently there were no funds set aside to audit compliance, which led to lax regulatory enforcement. In February 2009, the HITECH Act, as well as provisions in the overarching American Reconstruction and Recovery Act (ARRA), created a new regulating body for both HIPAA privacy and security compliance within the Department of Health and Human Services' Office of Civil Rights.
The Federal Trade Commission is now responsible for data breach disclosure for vendors of patient health records. In addition, the HITECH Act calls for nationwide data breach disclosure of unprotected (unencrypted) health information. The HITECH Act also expands coverage of the security standard to business associates of "covered entities" (payors, providers and clearing houses). Experts now agree that to ensure compliance and eliminate the costs and brand damage associated with data breaches, HIPAA covered entities and their business partners need to move to encrypt patient data as soon as possible.
Vormetric HIPAA-HITECH Compliance Solution
Vormetric Data Security delivers dual value for HIPAA Security, HIPAA Privacy and HITECH Breach Disclosure Safe Harbor, enabling covered entities to:
- Gain safe harbor from HITECH data breach disclosure through meeting DHHS, FTC, HITECH and NIST 800-111 requirements
- Quickly, in as little as 5 days, implement high-performance, transparent encryption and access control for databases, files, content management systems, and other stored electronic patient health records
- Obtain strong separation of duties and mitigate insider threat
- Implement HIPAA Security mandated access controls and addressable encryption requirements
- Lower overall cost through ease of key management and rapid implementation

