REGULATORY OVERVIEW:

The specific data protection requirements within HIPAA include:

The Privacy Rule establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information about health status, provision of health care, or payment for health care that can be linked to an individual.

The Security Rule deals specifically with Electronic Protected Health Information. It lays out three types of security safeguards to protect the confidentiality, integrity and availability of patient health information: administrative, physical, and technical.

• Physical Safeguards - controlling physical access to protect against inappropriate access to protected data
• Technical Safeguards - controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient.

The Enforcement Rule sets civil money penalties for violating HIPAA rules and establishes procedures for investigations and hearings for HIPAA violations, however its deterrent effects seems to be negligible with few prosecutions for violations.

VORMETRIC SOLUTION:

The Vormetric Data Security Expert strongly protects the confidentiality, integrity and auditability of patient health information where ever it is stored - all the while allowing system administrators to perform their data management tasks. Context-aware access control protects data by controlling who gains access, but also when, where and how they request access to all protected data whether it is local or networked. Implementation can be done in little time without affecting the applications, networks and storage architecture, allowing patient data to remain readily available.