Complying with the HIPAA Security Rule
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines guidelines for protecting the privacy and security of electronic patient information. The guidelines apply to both “covered entities” – health care providers, plans and clearinghouses – and their “business associates.” HIPAA includes two main rules for protecting patient data – the Privacy Rule and the Security Rule. For organizations that store data in the cloud, the Security Rule is of particular concern. While the cloud offers many benefits in terms of cost, scale, and business agility, it poses new challenges in terms of security and compliance.
Achieving a Safe Harbor in the Cloud
The Security Rule protects all individually identifiable health information that an organization creates, receives, maintains or transmits in electronic form (e-PHI). In case of data exposure, HIPAA reporting requirements are stringent and resource-intensive. Significant fines may ensue, as well as damage to reputation. To enable organizations to minimize the risk of both data loss and the need to report, the HIPAA guidelines specify technologies that render data unreadable and unusable. If those technologies are implemented, the organization can usually claim to have achieved a “safe harbor”. Data encryption is one of the key technologies that enable you to achieve safe harbor status, and many experts believe that in the near future, encryption will become a required standard.
HIPAA Cloud Compliance with Porticor
Porticor Virtual Private Data (VPD) is a cloud encryption and key management solution that enables you to comply with HIPAA and achieve safe harbor. It is a complete solution that combines state-of-the-art encryption with patented cloud key management. Porticor VPD encrypts the entire data layer, including virtual disks, databases, files, object storage and more. It also addresses the processes necessary for managing your encryption environment and encryption keys. It provides the strong security needed for compliance in a convenient, cost-effective, fully cloud-based solution.
Porticor’s key management solution is the first of its kind. Like a Swiss banker offering a traditional safe deposit box, Porticor requires two keys to encrypt or decrypt an object. In addition, each key is encrypted – to protect it while it is resident in your cloud account – using patent-pending homomorphic key management technology.
With Porticor, you hold a Master Key which is never present in the cloud in a plain, unencrypted form. Therefore, you retain control of your encrypted data – without having to install and maintain expensive key management servers on premises. Porticor VPD is the only pure cloud solution where you – and only you – hold the key to your data.
For a more detailed explanation of how Porticor helps you to comply with each of the Technical Safeguards listed above, download the whitepaper now.