HIPAA Security Compliance
HIPAA, the Health Insurance Portability and Accountability Act of 1996, is designed to improve the efficiency and effectiveness of the health care system and reduce the incidence of fraud. The focus of this regulation requires, among other things, the secure electronic transfer of patients' health care information. Recognizing the inherent risks of not securing this information, HIPAA contains regulations for information privacy and information systems security. As of April 2006, all healthcare providers must comply with this law.
All entities that handle, maintain, store, or exchange private health or patient-related information, regardless of size, are subject to HIPAA requirements. This includes the following: healthcare organizations; employers maintaining health records; health plans; life insurers; most doctors, nurses, pharmacies, hospitals, clinics, nursing homes; and many more.
Companies that contract or conduct electronic business transactions related to medical services are also affected, including claims inquiries, payment advice, eligibility inquiries, and referral authorization inquiries.
HIPAA requires safeguards to improve the confidentiality of patient information. It includes a Privacy Rule and a Security Rule, both of which require healthcare organizations to increase the security of their patient-related data.
The HIPAA Privacy Rule requires health plan administrators, healthcare clearinghouses, and healthcare providers to protect and secure any individually identifiable health-related information. The Privacy Rule broadly covers all forms of patient health information, including written, oral, and electronic.
The HIPAA Security Rule ensures the confidentiality, integrity, and availability of electronic protected health information (ePHI). It provides a uniform level of protection for all health information that (a) is stored or transmitted electronically and (b) pertains to an individual. The Security Rule specifies certain safeguards that are "required" (i.e., must be implemented) and others that are "addressable" (i.e., need not be implemented if the organization can document why the specification is not reasonable or appropriate to its circumstances). These include:
- Authentication: authenticating entities or individuals prior to data access (required)
- Data Integrity: protecting against unauthorized modifications (addressable)
- Data Access: controlling which users, applications, and devices can access patient information (addressable)
- Data Confidentiality: encrypting data in transit or at rest (addressable)
Compliance with the wide-ranging HIPAA regulations requires a comprehensive effort within an organization, including the development of many internal policies, ongoing training, and audits of personnel and practices.
Encrypting data is the most direct way to satisfy the Security Rule's confidentiality safeguard for network traffic. A HIPAA-compliant network is one in which data is protected at every point along its path.
Patients can file claims with the U.S. Department of Health and Human Services (DHHS) if they believe a covered entity is non-compliant with HIPAA requirements. Those found in violation of HIPAA could face:
- Civil penalties of $100 per violation, up to $25,000 per year for each provision violated
- Criminal penalties for knowingly violating patient privacy of up to $250,000 and 10 years imprisonment
When you need to encrypt your data in motion, CipherOptics makes it easy. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today's networks.
Our solutions combine standards-based, wire-speed encryption appliances with CipherEngine, the only policy definition and key distribution technology designed for multi-node networks. Together, they give you the highest level of data protection at the lowest total cost. CipherEngine gives you the power to protect data in motion wherever, however, and whenever you want, without changes or disruptions to your network, your infrastructure, or your operations.
To see just how easy it can be to comply with HIPAA's Security Rule, call 1-877-878-6655 or ask us a question.