Network Encryption from CipherOptics
HIPAA Security Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is designed to improve the efficiency and effectiveness of the health care system and to reduce the incidence of fraud. Among other things, the Act requires the secure transfer of electronic health care information. Recognizing the risks inherent in that, HIPAA contains regulations for information privacy and information systems security. All healthcare providers must now (as of April 2006) comply with the law.

How does CipherOptics help?
CipherOptics CipherEngine enables Secure Information Sharing, which assures the confidentiality, authenticity, and integrity of data in motion on any network. Our approach to protecting both your network and your data is to deny access to everyone and permit by exception. With that as our driving principle, our solutions provide you with both encryption and authentication of all your critical information.

We use 256-bit AES encryption, which is approved by the government for "sensitive but unclassified" information; our solutions authenticate networks and packets as well as protecting data. The Secure Hash Algorithm (SHA-1) is used to verify the integrity of the data, and any packets that have been manipulated or altered are rejected.

The CipherEngine solution secures health information by applying the most robust encryption protection to data when it is most vulnerable: while it travels over the network. For example, a hospital complies with HIPAA regulations by using the CipherEngine solution to encrypt radiology files sent to a disaster recovery site over a Gigabit Ethernet line. So whether an undetectable sniffer captures patient medical information on a network link or an ISP accidentally misroutes a data stream, the confidentiality of health-related information is assured.

CipherEngine can also help protect electronic health information in storage by thwarting intrusion at the network level rather than at the storage level. Its deterministic firewall feature rejects any packet that lacks proper encryption-based authentication. Thus, only data originating from the original sender can pass through to the storage network. This effectively turns the storage network dark to all unauthenticated traffic.
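To make the three behaviours described above concrete (AES-256 for confidentiality, a SHA-1-based integrity check, and a deterministic filter that drops any packet lacking valid encryption-based authentication), here is an added example written for this page; it is not CipherOptics' or CipherEngine's code. The page does not state a cipher mode or packet format, so the example assumes AES-256 in CTR mode with an HMAC-SHA1 tag computed over IV and ciphertext (encrypt-then-MAC), a constructed wire layout of IV || ciphertext || tag, and constructed keys and payloads:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"errors"
	"fmt"
	"io"
)

// Wire layout assumed for this example (not CipherEngine's real format):
// 16-byte IV || AES-256-CTR ciphertext || 20-byte HMAC-SHA1 tag over IV||ciphertext.
const (
	ivLen  = aes.BlockSize
	tagLen = sha1.Size
)

var (
	ErrNoAuth  = errors.New("packet too short to carry an authentication tag")
	ErrBadAuth = errors.New("authentication tag mismatch")
)

// Gateway holds one direction's shared keys: a 32-byte AES-256 key for
// confidentiality and a separate key for the HMAC-SHA1 integrity tag.
type Gateway struct {
	encKey []byte
	macKey []byte
}

func NewGateway(encKey, macKey []byte) (*Gateway, error) {
	if len(encKey) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	if len(macKey) < sha1.Size {
		return nil, errors.New("HMAC key should be at least 20 bytes")
	}
	return &Gateway{encKey: encKey, macKey: macKey}, nil
}

// Seal encrypts a payload and appends the tag (encrypt-then-MAC). The tag
// covers the IV and the ciphertext, so nothing on the wire is unauthenticated.
func (g *Gateway) Seal(plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(g.encKey)
	if err != nil {
		return nil, err
	}
	packet := make([]byte, ivLen+len(plaintext), ivLen+len(plaintext)+tagLen)
	if _, err := io.ReadFull(rand.Reader, packet[:ivLen]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, packet[:ivLen]).XORKeyStream(packet[ivLen:], plaintext)
	mac := hmac.New(sha1.New, g.macKey)
	mac.Write(packet)
	return mac.Sum(packet), nil
}

// Open is the receiving side's deterministic filter. It verifies the tag in
// constant time before touching the ciphertext; a packet that lacks a tag, was
// altered in transit, or came from a sender without the MAC key is dropped.
func (g *Gateway) Open(packet []byte) ([]byte, error) {
	if len(packet) < ivLen+tagLen {
		return nil, ErrNoAuth
	}
	body, tag := packet[:len(packet)-tagLen], packet[len(packet)-tagLen:]
	mac := hmac.New(sha1.New, g.macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, ErrBadAuth
	}
	block, err := aes.NewCipher(g.encKey)
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(body)-ivLen)
	cipher.NewCTR(block, body[:ivLen]).XORKeyStream(plaintext, body[ivLen:])
	return plaintext, nil
}

func main() {
	// Constructed keys; a real deployment would receive them from the key manager.
	encKey := bytes.Repeat([]byte{0x11}, 32)
	macKey := bytes.Repeat([]byte{0x22}, 20)
	hospital, _ := NewGateway(encKey, macKey)
	drSite, _ := NewGateway(encKey, macKey)
	stranger, _ := NewGateway(encKey, bytes.Repeat([]byte{0x33}, 20))

	pkt, _ := hospital.Seal([]byte("radiology study 1234: constructed sample"))
	pt, err := drSite.Open(pkt)
	fmt.Printf("genuine packet: %q err=%v\n", pt, err)

	tampered := append([]byte(nil), pkt...)
	tampered[ivLen] ^= 0x01 // one ciphertext bit flipped in transit
	_, err = drSite.Open(tampered)
	fmt.Println("altered packet:", err)

	_, err = drSite.Open(pkt[:ivLen+4]) // truncated, carries no tag
	fmt.Println("unauthenticated packet:", err)

	foreign, _ := stranger.Seal([]byte("injected"))
	_, err = drSite.Open(foreign)
	fmt.Println("packet from unknown sender:", err)
}
```

The design points worth noting are that the tag is checked with a constant-time comparison before any decryption happens, that it covers every byte on the wire including the IV, and that a sender holding the encryption key but not the MAC key still cannot get a packet past the filter. HMAC-SHA1 remains a sound MAC even though SHA-1 is no longer collision-resistant; a design built today would normally use an AEAD mode such as AES-GCM instead of a separate MAC.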

Network-wide Secure Information Sharing is an important part of best practices, both for keeping patient data confidential and for complying with HIPAA. CipherOptics offers a reliable and proven method of meeting HIPAA requirements for data confidentiality, integrity, and authentication.

What does CipherOptics do?
CipherOptics is the leader in network-wide encryption. Offering an innovative policy and key management solution, coupled with high-speed, low-latency encryption technology, CipherOptics helps its customers mitigate the risk of data leakage, loss, and theft over any network.

Who is affected by HIPAA?
All entities that handle, maintain, store, or exchange private health- or patient-related information, regardless of size, are subject to HIPAA requirements. This includes the following: healthcare organizations; employers maintaining health records; health plans; life insurers; most doctors, nurses, pharmacies, hospitals, clinics, nursing homes; and many more.

Companies that contract or conduct electronic business transactions related to medical services (e.g., claims inquiries, payment advice, eligibility inquiries, referral authorization inquiries) are also affected.

What are the requirements of HIPAA?
HIPAA requires safeguards to improve the confidentiality of patient information. It includes a Privacy Rule and a Security Rule, both of which require healthcare organizations to increase the security of their patient-related data.

The HIPAA Privacy Rule requires health plan administrators, healthcare clearinghouses, and healthcare providers to protect and secure any individually-identifiable health-related information. The Privacy Rule broadly covers all types of patient health information including written, oral, and electronic.

The HIPAA Security Rule ensures the confidentiality, integrity, and availability of electronic protected health information (ePHI). It provides a uniform level of protection of all health information that (a) is housed or transmitted electronically, and that (b) pertains to an individual. The Security Rule specifies certain safeguards that are "required" (i.e., must be implemented) and others that are "addressable" (i.e., do not have to be implemented if the organization can document why the specification is not reasonable or appropriate to its circumstances). These include:
  • Authentication: authenticating entities or individuals prior to data access (required)
  • Data Integrity: protecting against unauthorized modifications (addressable)
  • Data Access: controlling which users, applications, and devices can access patient information (addressable)
  • Data Confidentiality: encrypting data in transit or at rest (addressable)

What are the penalties for HIPAA non-compliance?
Patients can file claims with the U.S. Department of Health and Human Services (DHHS) if they believe a covered entity is non-compliant with HIPAA requirements. Those found in violation of HIPAA could face:
  • Civil penalties of $100 per violation, up to $25,000 per year for each requirement or prohibition violated
  • Criminal penalties for knowingly violating patient privacy of up to $250,000 and 10 years imprisonment

How do institutions comply with HIPAA?
Compliance with the wide-ranging HIPAA requirements requires a comprehensive effort within an organization including the development of many internal policies, ongoing training, and audits of personnel and practices.

Data encryption is the best way to comply with HIPAA's Security Rule regarding effective network security. HIPAA-compliant networks are those where data is protected throughout the network. Compliance with the Security Rule also requires implementation of effective data confidentiality, integrity, access, and authentication technology.

Helpful Resources
HIPAA Statute
HIPAA Final Security Rule
HIPAA Security Standards: Technical Safeguards